Monoculture

Jill Ramonsky Jill.Ramonsky at aculab.com
Wed Oct 1 11:48:33 EDT 2003


I could do an implementation of SSL. Speaking as a programmer with an 
interest in crypto, I'm fairly sure I could produce a cleanly 
implemented and simple-to-use version.

I confess I didn't realise there was a need. You see, it's not that it 
"doesn't seem to excite" [me] - it's just that, well, OpenSSL already 
exists, and creating another tool (or library or whatever) to do exactly 
the same thing seems a bit of a waste of time, like re-inventing the 
wheel. If you can provide some reasonable reassurance that it's not a 
waste of time, I'll make a start.

But I would like to ask you to clarify something about SSL which has 
been bugging me. Allow me to present a scenario. Suppose:
(1) Alice runs a web server.
(2) Bob has a web client.
(3) Alice and Bob know each other personally, and see each other every day.
(4) Eve is the bad guy. She runs a Certificate Authority, which is 
trusted by Bob's browser, but not by Bob.
Is it possible for Bob to instruct his browser to (a) refuse to trust 
anything signed by Eve, and (b) to trust Alice's certificate (which she 
handed to him personally)? (And if so, how?)

I am very much hoping that you can answer both (a) and (b) with a yes, 
in which case I will /definitely/ get on with recoding SSL.
Jill





 > -----Original Message-----
 > From: Perry E. Metzger [mailto:perry at piermont.com]
 > Sent: Wednesday, October 01, 2003 3:36 PM
 > To: kent at songbird.com
 > Cc: cryptography at metzdowd.com
 > Subject: Re: Monoculture
 >
 > We could use more implementations of ssl and of ssh, no
 > question.
 >
 > However, suggesting to people that they produce more cleanly
 > implemented and simpler to use versions of existing algorithms and
 > protocols doesn't seem to excite people, although it would be of
 > tremendous utility.
 >
 > Perry
 >

