Digital signatures have a big problem with meaning

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jun 10 05:34:28 EDT 2005


Rich Salz <rsalz at datapower.com> writes:

>Peter's shared earlier drafts with me, and we've exchanged email about this.
>The only complaint that has a factual basis is this:
>
>        I don't want to have to implement XML processing to do
>        XML Digital Signatures

         I don't want to have to re-implement Apache in order to do
         an SSL implementation.
         
         I don't want to have to re-implement MS Exchange in order to
         do a PGP implementation.
         
         I don't want to have to re-implement ext2fs in order to encrypt
         a file.

Makes sense to me.  The other problem with XML sigs (also pointed out in the
writeup) is the fact that it gives you 10 ways to do everything, of which only
1 is actually correct/secure/usable, but is indistinguishable from the other
9.  Since ease of use/secure-by-default is a major goal of my work, I'm rather
reluctant to implement something that lets users blow their feet off in a
dozen different ways without even knowing it.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


