ekr at rtfm.com
Mon Jul 7 19:53:22 EDT 2003
tom st denis <tomstdenis at yahoo.com> writes:
> --- Eric Rescorla <ekr at rtfm.com> wrote:
> > tom st denis <tomstdenis at yahoo.com> writes:
> > > Two weeks ago I sat down to learn how to code my own SSL lib [key on
> > > being small]. Suffice it to say after reading the 67 page RFC for SSL
> > > 3.0 I have no clue whatsoever how to implement SSL.
> > Funny, none of the 30 or so other people who have done SSL
> > implementations had any problem.
> Arrg whatever. I really don't give a hoot what you think.
> What I don't get is you guys who are presumably a smart bunch can't
> figure out that I'm just writing a simple library to provide secure
> sockets. That's it, that's all.
In other words, this is just an exercise in Not Invented Here. Wonderful.
> Believe it or not, this may come as a surprise to you, but not everyone
> requires standard compliant protocols.
If the past 20 years of security work have taught us anything, it's
the value of standardized tools that get a lot of review so that
we can be confident that they're not totally hosed. When people go
off and invent their own stuff without good reason, that's not
good security practice. That's fine if they're just screwing around,
but when they come up with all sorts of bogus reasons why people
might want to use their homegrown stuff instead of the standard
stuff, that's not so fine.
Moreover, your original message said that you intended to use
SSL, but as you yourself admit, you don't understand it and yet
you feel comfortable holding forth about its merits compared
to your brand new protocol. Huh?
P.S. You claimed earlier that you didn't think RFC 2246 was clear
enough to write a compliant implementation. I was sincere in asking
what you find underspecified. It's my job to make it as complete
[Eric Rescorla ekr at rtfm.com]
The Cryptography Mailing List