Jill Ramonsky wrote: > Too late. I've already started. Besides which, posts on this group > suggest that there is a demand for such a toolkit.
I think there's demand in the sense that there's demand for free lunches. People would like the inherent complexity to go away, because they can see that there's a way simpler API that addresses _their_ problem, but I fear that a good deal of the complexity in TLS is not removable, so all that will happen is that the API will be unsuitable for almost everyone else's problem - or it'll still be complex. There must be a reason that OpenSSL is popular despite its disgusting API and appalling documentation[1]. I hypothesize its because if you think about it a while you can get it to do almost anything. Its also worth considering that most applications of TLS need other crypto primitives (it seems to me), so merely replacing the TLS part doesn't actually help most people. Anyway, that said, there's certainly room for something that does everything OpenSSL does, only nicely. Cheers, Ben. [1] People have wondered in the past why I maintain OpenSSL if I have such a low opinion of it - the answer is I do it because somebody has to. Or to plagiarise someone else's witticism: the only thing that's worse than OpenSSL is all the alternatives. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]