Re: The OpenSSL API
- From: phil-news-nospam@xxxxxxxx
- Date: 20 Aug 2007 12:34:36 GMT
On Mon, 20 Aug 2007 09:00:03 -0000 Harold Weissman <HaroldW22@xxxxxxxxxxx> wrote:
| On Mon, 20 Aug 2007 01:40:29 +0000, phil-news-nospam wrote:
|
|> On Sun, 19 Aug 2007 08:33:02 -0000 Harold Weissman
|> <HaroldW22@xxxxxxxxxxx> wrote:
|>
|> | The specialized literature has made similar criticisms of the
|> | OpenSSL API. This API is the most widely used not because it is the best
|> | around, but despite the fact that it isn't.
|>
|> I believe OpenSSL is GPL licensed. That means you would be able to make
|> use of the code developments of OpenSSL to speed up the development of
|> SimpleHWSSL. You think you could have it done by the end of the
|> year? If a simpler API is indeed what people want, it should be popular
|> and you may even get a corporate sponsor. Go ahead and open a
|> SourceForge project and you may even get others wanting to join in and
|> help.
|
| (Sigh) I am not claiming to have a better API. I am just trying
| to start a discussion on the merits of OpenSSL's API, and to obtain
| justifications as to why it is (why it has to be) so complicated. So far
| I have only got generalities like "security is complicated", "the API is
| not so complicated" or "the API has the right complexity level". Which is
| all fine, but not really compelling.

Maybe the people you need to be discussing that with are the developers.
OpenSSL is not a Linux specific thing; it can be used on other Unix-class
systems as well as non-Unix class systems (e.g. Windows, VxWorks, etc).

If your views are to end up producing something better, you will need to:

1. develop it yourself
2. -or- convince the OpenSSL developers to do it
3. -or- find someone else interested in it

This newsgroup is not the venue for any of those.

| I cheerfully acknowledge the possibility that I may be totally
| wrong, in that any viable SSL API must have a complexity level comparable
| to OpenSSL's. I have, however, yet to have any convincing evidence (in
| this forum and elsewhere) that such is the case; a single counterexample
| that could not be programmed in the oversimplistic API I mentioned would
| be enough. Please do provide it if you can.
I personally feel it is complicated, but accept that the goals of the
library were to cover as many possible cases and variations of usage as
possible, and hence need to have everything specified, and everything
handled. I do know enough about security to know that there are a lot
of things that I don't know. I'm assuming the OpenSSL developers know
more than I do about it. I've seen many things in the API that I would
say "I can't see how I could ever need that". But I cannot generalize
it and say "no one could ever need that".

If you want to discuss an API I'm more familiar with, try the one I created
which is part of the library at avlmap.slashusr.org. But let's do that
one by private email; this newsgroup isn't the place.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2007-08-20-0726@xxxxxxxx |
|------------------------------------/-------------------------------------|