At 9:22 9/20/95, Rich Salz wrote:
Jeff, the SSL specification has a severe *architectural* problem - it assumes that Internet Protocols are APIs ... The IETF quite explicitly doesn't care about APIs
With one exception so important that it might blow away your whole complaint...
...GSSAPI. /r$
And we see how far *that* effort has gotten... There was some discussion in Toronto last summer about APIs for the basic transports (i.e. standardizing "sockets", or TLI, or whatever), which got backed off to a list of "required service elements" that a good stack vendor should make available to the app programmers, and then the whole notion got killed off for the reasons I cited. GSSAPI was an attempt to make it easy to slide in authentication & encryption into existing software - lay a foundation for real security in the applications. A fine goal, but a bad plan for achieving the goal. I think they were also trying to avoid blessing any particular crypto scheme, to avoid both the export morass, and the patent morass - "we'll drop in whatever we can get on good terms, later." API and interface standards are to be avoided in part because of the reasons I cited previously, in part because they're hard to do right for all platforms (not everyone uses function-call style system/library calls), and in part because they do not guarantee you interoperability - classic case in point is the Microsoft Mail API (MAPI): you can put *anything* under MAPI: Novell MHS, cc:Mail, QuickMail, or SMTP, just to name a few. If you are not speaking the same wire protocol as your intended correspondent (or peer), you lose, regardless of the fact that your software and hers are both using the same API - you cannot interoperate. What really annoys me is the fuss you see in the trade rags about "middleware" these days; they've missed this entire point about interfaces versus protocols, and they're propagating the misconception that interfaces give interoperability to the general marketplace. And the vendors are laughing all the way to the bank. Erik Fair