Monoculture
Jill Ramonsky
Jill.Ramonsky at aculab.com
Wed Oct 1 11:48:33 EDT 2003

I could do an implementation of SSL. Speaking as a programmer with an
interest in crypto, I'm fairly sure I could produce a cleanly
implemented and simple-to-use version.

I confess I didn't realise there was a need. You see, it's not that it
"doesn't seem to excite" [me] - it's just that, well, OpenSSL already
exists, and creating another tool (or library or whatever) to do exactly
the same thing seems a bit of a waste of time, like re-inventing the
wheel. If you can provide some reasonable reassurance that it's not a
waste of time, I'll make a start.

But I would like to ask you to clarify something about SSL which has
been bugging me. Allow me to present a scenario. Suppose:

(1) Alice runs a web server.
(2) Bob has a web client.
(3) Alice and Bob know each other personally, and see each other every day.
(4) Eve is the bad guy. She runs a Certificate Authority, which is
trusted by Bob's browser, but not by Bob.

Is it possible for Bob to instruct his browser to (a) refuse to trust
anything signed by Eve, and (b) to trust Alice's certificate (which she
handed to him personally)? (And if so, how?)

I am very much hoping that you can answer both (a) and (b) with a yes,
in which case I will /definitely/ get on with recoding SSL.

Jill

> -----Original Message-----
> From: Perry E. Metzger [mailto:perry at piermont.com]
> Sent: Wednesday, October 01, 2003 3:36 PM
> To: kent at songbird.com
> Cc: cryptography at metzdowd.com
> Subject: Re: Monoculture
>
> We could use more implementations of ssl and of ssh, no
> question.
>
> However, suggesting to people that they produce more cleanly
> implemented and simpler to use versions of existing algorithms and
> protocols doesn't seem to excite people, although it would be of
> tremendous utility.
>
> Perry
>
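
Added example, not part of the original message or the thread: one way a client program (a script using Python's ssl module, not Bob's browser) can get both properties from the scenario, by starting from an empty trust store so that no CA can vouch for anyone, and accepting only the exact certificate whose fingerprint Bob recorded from the copy Alice handed him. The function names are hypothetical and the certificate bytes are constructed stand-ins, not real certificates.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def is_pinned(der_cert: bytes, pinned_fp: str) -> bool:
    """True only if the presented certificate is byte-for-byte the pinned one."""
    normalized = pinned_fp.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), normalized)


def pin_only_context() -> ssl.SSLContext:
    """Client context with an empty trust store: no CA, Eve's included, is consulted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # does not load the system CA bundle
    ctx.check_hostname = False       # identity comes from the pin, not a CA-signed name
    ctx.verify_mode = ssl.CERT_NONE  # chain validation is replaced by the pin check
    return ctx


def connect_pinned(host: str, port: int, pinned_fp: str) -> ssl.SSLSocket:
    """Handshake, then drop the connection unless the server certificate matches the pin."""
    raw = socket.create_connection((host, port), timeout=10)
    tls = pin_only_context().wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)  # raw DER, available even with CERT_NONE
    if der is None or not is_pinned(der, pinned_fp):
        tls.close()  # no application data has been sent at this point
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return tls


# Constructed stand-ins for DER bytes (not real certificates), to show the decision only.
ALICE_DER = b"constructed: certificate Alice handed to Bob"
EVE_ISSUED_DER = b"constructed: certificate for the same name issued by Eve's CA"
ALICE_PIN = fingerprint(ALICE_DER)
```

The pin is compared only after the handshake completes, so the caller must not write to the socket anywhere except through connect_pinned's return value; a pinned certificate also has to be re-pinned by hand whenever Alice replaces it.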