[cryptography] Anti-GSS falsehoods (was Re: IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM))
pgut001 at cs.auckland.ac.nz
Fri Jun 24 02:15:05 EDT 2011
Nico Williams <nico at cryptonector.com> writes:
>Were you aware of any of the above? If so, could you please explain your
>comment in a little bit more detail? If not, then please stop slandering the
Yes, I was aware of that. You can remove the string "GSS-API" from your
comments and replace it with any number of other technologies and the same
To measure "widespread success" I apply the magic-wand test, if you waved a
magic wand and all instances of X disappeared, would anyone notice? With
CryptoAPI and OpenSSL, where you can barely turn on a computer without running
into them at some point, you'd notice fairly quickly. With GSS-API, barely
anyone would notice. I did a (admittedly very rough) straw poll at an
informal gathering of a bunch of people from banks, ISPs, commercial
organisations, telcos, and so on the other day as a litmus test and everyone
was aware of, and could name instances where they'd used CryptoAPI (i.e.
Windows crypto/security) or OpenSSL that day. Of the few who even knew what
GSS-API was, none could recall using it. That's not even in the same league
as CryptoAPI and OpenSSL.
(I'd bet there were as many people there who had heard of Intercal as
GSS-API, although I didn't try a head count).
>Perhaps you *dislike* the GSS-API.
To be honest I have no opinion on it, because it doesn't have enough impact on
anything for me to allocate cycles to it. I'm sorry if you feel I've slighted
your pet(?) API in some way and you feel some need to defend its honour, but
it's just not that significant. And that's entirely my point.
More information about the cryptography