>On the other, wtf, they're still finding bugs in *openssh* and *openssl*, which are possibly the most intensely scrutinized bits of code ever. You honestly think one random person -- one who's not even smart enough to understand ASN.1 -- is going to do better, no matter the protocol?
For starters, why not use a garbage-collected safe language (a compiled one which doesn't require a VM, like OCaml or D) for a reimplementation of OpenSSH? It'd instantly decrease the number of exploitable buffer-overflow bugs nearly to zero. In fact, I'm reading OpenSSH CVEs and almost _all_ of them are caused by its use of an unsafe language.
A new OpenSSL should still be implemented in C, because it's the lowest common denominator, alas.
>Have you seen the horror that lurks in standards that mix XML and crypto? XML has many congenial aspects, but it does not mix well with the "just define a canonical bitstring dammit" world of crypto.