On Jun 16, 2005, at 11:47 PM, coco coco wrote:
For a shameless plug, this scheme is designed by myself. I'm giving a brief description here, so you guys can help to see if that makes sense.
[snip]
Yeah, I know, you have not seen the implementation, so not fair to say if that's ok or not. This project is for a government agency, which handles very sensitive data.
Then perhaps your company should hire a security expert to design the security. Defects in portability or performance are low-risk and easily detected, and the cost scales with the time until a patch is deployed. Security vulnerabilities are much more tricky and expensive to detect and the damage may happen all at once, making them very high-risk.
I understand several of the OpenSSL development team are available for consulting.
Josh -- Joshua Juran Metamage Software Creations - Mac Software and Consulting http://www.metamage.com/ * Creation at the highest state of the art * ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]