[cryptography] Anti-GSS falsehoods (was Re: IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM))

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jun 24 02:15:05 EDT 2011

Nico Williams <nico at cryptonector.com> writes:

>Were you aware of any of the above? If so, could you please explain your 
>comment in a little bit more detail? If not, then please stop slandering the 

Yes, I was aware of that.  You can remove the string "GSS-API" from your 
comments and replace it with any number of other technologies and the same 
still holds.

To measure "widespread success" I apply the magic-wand test, if you waved a 
magic wand and all instances of X disappeared, would anyone notice?  With 
CryptoAPI and OpenSSL, where you can barely turn on a computer without running 
into them at some point, you'd notice fairly quickly.  With GSS-API, barely 
anyone would notice.  I did a (admittedly very rough) straw poll at an 
informal gathering of a bunch of people from banks, ISPs, commercial 
organisations, telcos, and so on the other day as a litmus test and everyone 
was aware of, and could name instances where they'd used CryptoAPI (i.e. 
Windows crypto/security) or OpenSSL that day.  Of the few who even knew what 
GSS-API was, none could recall using it.  That's not even in the same league 
as CryptoAPI and OpenSSL.

(I'd bet there were as many people there who had heard of Intercal as 
GSS-API, although I didn't try a head count).

>Perhaps you *dislike* the GSS-API.

To be honest I have no opinion on it, because it doesn't have enough impact on 
anything for me to allocate cycles to it.  I'm sorry if you feel I've slighted 
your pet(?) API in some way and you feel some need to defend its honour, but 
it's just not that significant.  And that's entirely my point.


More information about the cryptography mailing list