Re: Misconceptions about the GSS-API

On Fri, Jul 13, 2012 at 4:11 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CAK3OfOh7P1pdf91UFA8xj6nxj+c0__Bg11HZHy83mAbbBwFmgg@mail.gmail.com>
> , Nico Williams writes:
>
> You seem to overlook half of my argument:  It is both a matter of
> API design *AND* lugging around tons of unnecessary code.

Who said you have to?  You don't even need to use the GSS-API itself
to access GSS mechanisms.

I'm using the GSS-API in REST-GSS not because I expect apps to "lug
around" complete GSS implementations, but because it helps produce a
more formal specification.  I'm using the *abstract* API.
Implementors are free to not use the API at all yet still interop.

>>> Crypto for HTTP/2.0 should be specified in a way which is very hard
>>> to do wrong, not very hard to do right.
>>
>>I agree violently.
>
> So lets start from there, if we ever get a chance.

See the above.

Nico
--

Received on Friday, 13 July 2012 21:21:07 UTC