
Re: Misconceptions about the GSS-API

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 13 Jul 2012 21:11:21 +0000
To: Nico Williams <nico@cryptonector.com>
cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <46277.1342213881@critter.freebsd.dk>
In message <CAK3OfOh7P1pdf91UFA8xj6nxj+c0__Bg11HZHy83mAbbBwFmgg@mail.gmail.com>, Nico Williams writes:

>> One of the main reasons Varnish does not support HTTPS is the
>> quality of the APIs available, and the elephantine amounts of
>> needless generality behind them.
>
>APIs like OpenSSL's are awful, I give you that.  If you used the
>GSS-API as an interface to TLS you'd have a very trivial client,
>particularly for anonymous clients.  You'd only need these functions:

You seem to overlook half of my argument:  It is both a matter of
API design *AND* lugging around tons of unnecessary code.

>> Crypto for HTTP/2.0 should be specified in a way which is very hard
>> to do wrong, not very hard to do right.
>
>I agree violently.

So let's start from there, if we ever get a chance.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 13 July 2012 21:11:43 GMT
