Replies

"Insecure"? That certainly doesn't sound like a quote from me, are you sure about the quote marks?

Yeah, you certainly said it.

I did say NO encryption system is uncrackable, especially when considering that the people involved are the weakest link -- you, in that thread, said that Kerberos *was* uncrackable, and reliable. Hence our disagreement.

Allow me to refresh your memory. We were discussing web services. You complained that, since the protocol layer for web services is SOAP, that the content could be compromised. I said, no problem. Just use SSL. I then said that you didn't really even have to use SSL, if you didn't like, because you could simply use RSA public key encryption to encrypt the content of the SOAP packet. The encrypted data could then reside inside the SOAP envelope and pass through networks without fear of compromise. To which you complained that representing encrypted data as text was fundamentally insecure. See, you didn't like web services because MS was pushing them big-time, many companies were becoming interested, and your buddies at Sun Microsystems were trying to poo-poo web services for Java because they didn't invent them. So, you made up a pile of stinkin' crap about weak encryption in an attempt to make web services seem unviable. Which was nonsense. I pointed out that protocols such as SSL and Kerberos are used every day to provide an adequate amount of security for millions of transactions per day; then, you erected a strawman, saying that no protocol was crackable (something that I had never arged against, in the first place) and, therefore, nobody should to Web-based transactions. What a joke. Seriously, you should leave the deep-thinking to the big boys. You just aren't cut out... Y'know, I've always wondered -- why do you seem to prefer 'flames' to actual conversation?

So, you made up a pile of stinkin' crap about weak encryption in an attempt to make web services seem unviable.

WTF? Years ago, perhaps that sort of flame use to be fun, but now it's just plain silly.

Odd, too -- over the last few years you seem to have acted so much more adult on several occasions. I haven't seen you launch into an all out flame attack like this in quite some time. You and I had even had friendly, personable exchanges on a few occasions. I thought you had matured, I had come to have some respect for you. But I can not respect someone with such poor communication skills.

Myself, I'm crazy busy these days, too busy to waste time with someone like that. I'm the boss now, and that leaves me little time. I responded cuz you and I have some history, you can be funny and interesting to read, and I had *thought* you had grown beyond such silly flame wars.

If you care, the discussion on that thread was about using SOAP for banking services. SOAP was first pitched to us at JavaOne back in 98 or so, and 70% of my career has been with web-services based-apps, both with and without SOAP. I have what you might consider an 'educated opinion'. I'm not against SOAP cuz of MS. Nor cuz I'm just an idiot. If that's the angle of your comments, thank you for your opinion and I guess our conversation is at an end.

There are good reasons I -- and many, many other top architects -- are not big fans of SOAP. If you don't want to listen to our opinions, that's fine. Just launch another flame back at me. I'll get the 'subtle' hint.

Of course, since this *thread* was about something else entirely, if you'd like to perhaps try a reasonable convesation on this topic . . .