Hal Murray <[email protected]> writes:

>Using a composite with a single OID means that the top level code doesn't
>need to change. Things like here is the filename for the key(s) still work.
>Yes, the implementation has to open the box. 40 lines of code to split the
>key into 2 parts and call the 2 implementations doesn't seem unreasonable.

I was trying to avoid getting bogged down in implementation specifics but I guess I'll have to give one example: My code uses a separation kernel for all objects. There is no way for an Apples object to even know an Oranges object exists, let alone do anything with it. Throughout all of crypto history an object has done one thing and one thing only, RSA, DH, ECDSA, AES, SHA-256, Enigma, M-209, whatever (I don't implement the last two). There's no way to do what you're describing, you can't make an object do two entirely different things at the same time. It's like Viktor's hypothetical about keys/algorithms in two different HSMs, the kernel guarantees isolation of objects.

Peter.
