[17450] in cryptography@c2.net mail archive

Re: Digital signatures have a big problem with meaning

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Jun 13 14:42:22 2005

X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, rsalz@datapower.com
In-Reply-To: <Pine.LNX.4.44L0.0506062322270.1322-100000@smtp.datapower.com>
Date: Fri, 10 Jun 2005 21:34:28 +1200

Rich Salz <rsalz@datapower.com> writes:

>Peter's shared earlier drafts with me, and we've exchanged email about this.
>The only complaint that has a factual basis is this:
>
>        I don't want to have to implement XML processing to do
>        XML Digital Signatures

         I don't want to have to re-implement Apache in order to do
         an SSL implementation.
         
         I don't want to have to re-implement MS Exchange in order to
         do a PGP implementation.
         
         I don't want to have to re-implement ext2fs in order to encrypt
         a file.

Makes sense to me.  The other problem with XML sigs (also pointed out in the
writeup) is the fact that it gives you 10 ways to do everything, of which only
1 is actually correct/secure/usable, but is indistinguishable from the other
9.  Since ease of use/secure-by-default is a major goal of my work, I'm rather
reluctant to implement something that lets users blow their feet off in a
dozen different ways without even knowing it.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List