[14406] in cryptography@c2.net mail archive
Re: Monoculture
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Oct 1 22:21:01 2003
X-Original-To: cryptography@metzdowd.com
Date: Thu, 2 Oct 2003 13:49:00 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, don@mit.edu
Don Davis <don@mit.edu> writes:
>there's another rationale my clients often give for wanting a new security
>system, instead of the off-the-shelf standbys: IPSec, SSL, Kerberos, and
>the XML security specs are seen as too heavyweight for some applications.
>the developer doesn't want to shoehorn these systems' bulk and extra
>flexibility into their applications, because most applications don't need
>most of the flexibility offered by these systems.
Hmm, I think the size argument is a bit of a red herring - you can strip SSL
and SSH down and run it in remarkably little space (3DES, RSA, SHA-1 and a
static server cert will get you talking to any non-crippled SSL client, for
example). I've got users running SSL and SSH servers on little 16-bit
embedded systems (alongside the existing app that the SSL or SSH is securing),
and AFAIK their main problem is that doing RSA or DH on the 16-bit CPU isn't
exactly quick.
Peter (still backlogged, if you're waiting for mail please be patient).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com