[xmlsec] loading crypto engines as plugins, build changes, etc.

Igor Zlatkovic igor@zlatkovic.com
Sat, 20 Sep 2003 18:31:43 +0200


Hi there,

> Probably in the future we should make mscrypto the default crypto engine
> on Windows (Igor?).

No, but you heard that allready. :-)

There is a difference between security and obscurity. All algorithms are
known, so are most implementations. If you won't show me your code so I see
what it does, then I must assume that you have something to hide and will
compromise my secrets; and I will keep an watchful eye on you, even if I
never meet you again.

Cryptography exists for one, and only one, reason: because people don't
trust each other. If I don't trust you enough to let you read my mail, but I
blindly trust an obscure encryption system you have made, then I am a simple
fool.

The point of it all: Cryptography software is either open source, or
non-existent, as far I am concerned. Everything else can be proprietary, but
crypto cannot. That simply defeats the very reason of its existence. Set
mscrypto as the default in xmlsec and what advantage over msxml would
remain?

> Also it would be nice to include all the supported xmlsec-<crypto>
> libraries in Windows
> binaries (again, Igor? :) )

For the love of completeness, yes. For myself, I would like to leave out
everything that uses a proprietary system beneath. For the reasons described
above, I would not encourage people to use it by distributing the binary.
However, I should have spoken that earlier, before the bloody thing was
made. Leaving it out now is a spit in the face to everyone who contributed
to it. I am not happy about it, but the binary will have all supported bits.

Ciao,
Igor