Re: The OpenSSL API
- From: Harold Weissman <HaroldW22@xxxxxxxxxxx>
- Date: Mon, 20 Aug 2007 15:18:57 -0000
On Mon, 20 Aug 2007 12:34:36 +0000, phil-news-nospam wrote:
On Mon, 20 Aug 2007 09:00:03 -0000 Harold Weissman <HaroldW22@xxxxxxxxxxx> wrote:
| On Mon, 20 Aug 2007 01:40:29 +0000, phil-news-nospam wrote:
|
|> On Sun, 19 Aug 2007 08:33:02 -0000 Harold Weissman <HaroldW22@xxxxxxxxxxx> wrote:
|>
|> | The specialized literature has made similar criticisms of the
|> | OpenSSL API. This API is the most widely used not because it is the best
|> | around, but despite the fact that it isn't.
|>
|> I believe OpenSSL is GPL licensed. That means you would be able to make
|> use of the code developments of OpenSSL to speed up the development of
|> SimpleHWSSL. You think you could have it done by the end of the
|> year? If a simpler API is indeed what people want, it should be popular
|> and you may even get a corporate sponsor. Go ahead and open a
|> SourceForge project and you may even get others wanting to join in and
|> help.
|
| (Sigh) I am not claiming to have a better API. I am just trying
| to start a discussion on the merits of OpenSSL's API, and to obtain
| justifications as to why it is (why it has to be) so complicated. So far
| I have only got generalities like "security is complicated", "the API is
| not so complicated" or "the API has the right complexity level". Which is
| all fine, but not really compelling.
Maybe the people you need to be discussing that with are the developers.
OpenSSL is not a Linux specific thing; it can be used on other
Unix-class systems as well as non-Unix class systems (e.g. Windows,
VxWorks, etc).
I believe you are to a large extent right. What I was looking for
from this group was, for the most part, feedback on the networking
aspects of OpenSSL.
If your views are to end up producing something better, you will need to:
1. develop it yourself
2. -or- convince the OpenSSL developers to do it
3. -or- find someone else interested in it
This newsgroup is not the venue for any of those.
| I cheerfully acknowledge the possibility that I may be totally
| wrong, in that any viable SSL API must have a complexity level comparable
| to OpenSSL's. I have, however, yet to have any convincing evidence (in
| this forum and elsewhere) that such is the case; a single counterexample
| that could not be programmed in the oversimplistic API I mentioned would
| be enough. Please do provide it if you can.
I personally feel it is complicated, but accept that the goals of the
library were to cover as many possible cases and variations of usage as
possible, and hence need to have everything specified, and everything
handled. I do know enough about security to know that there are a lot
of things that I don't know. I'm assuming the OpenSSL developers know
more than I do about it. I've seen many things in the API that I would
say "I can't see how I could ever need that". But I cannot generalize
it and say "no one could ever need that".
If you want to discuss an API I'm more familiar with, try the one I
created which is part of the library at avlmap.slashusr.org. But let's
do that one by private email; this newsgroup isn't the place.