[cryptography] Anti-GSS falsehoods (was Re: IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM))

Nico Williams nico at cryptonector.com
Thu Jun 23 18:47:50 EDT 2011

On Thu, Jun 23, 2011 at 1:03 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Marsh Ray <marsh at extendedsubset.com> writes:
>>OK, but when one of the buckets has 0 observations in it what is it proving
> That no successful crypto API has ever been designed by a committee?  We have
> (at least) CDSA, TCG, and GSS-API, and none of those have seen any significant
> adoption (by "significant" I mean at the same level as CryptoAPI, OpenSSL,
> etc).

You can repeat that mantra as much as you like, but repetition won't
make true, at least not with regards to GSS.

Every Unix-like OS ships with a GSS-API implementation and it gets
used by a large number of applications.  I've seen *many* proprietary
apps that use it.  Plus there's a fair number of Internet application
protocols that use it.  The most popular Internet GSS application is
SSHv2 -- yes, in the enterprise world SSHv2 with GSS is extremely
popular, and one of the most requested features for years in OpenSSH
and PuTTY before they added support for it.

Windows' SSPI is extremely similar to the GSS-API.  Plus on Windows
the SSPI *is* the API to TLS (and SASL)!  And to top that off, when
used to access GSS mechanisms, the SSPI is wire-compatible with the

Any SSPI developer will be able to use the GSS-API with ease, and
there are *many* SSPI applications (many more still than there are GSS
applications, no doubt).

Are there as many developers familiar with GSS as with OpenSSL, or who
reach for GSS before OpenSSL?  No.  Does that make it a failure?  Not
at all, especially when you factor in the number of SSPI developers.

Were you aware of any of the above?  If so, could you please explain
your comment in a little bit more detail?  If not, then please stop
slandering the GSS-API.

Perhaps you *dislike* the GSS-API.  I would appreciate some detailed
comments as to what's wrong with it (besides "it was designed by
committee") -- I'd like to know what's wrong with it so we can make it
better, or even to make its successor better.


More information about the cryptography mailing list