[Cryptography Team] RFC: Consolidating the Cryptography library
fora general release
Ron Teitelbaum
Ron at USMedRec.com
Sun Apr 22 03:32:31 UTC 2007
I agree that there is no need to have separate packages for cryptography.
Our original goal was to allow separate base algorithms to be loaded
individually but there have already been a number of problems with
dependencies, especially the need to load MD5 before other packages. I
agree with your assessment, and baring no other objections from the team, I
would support consolidating base algorithms into Cryptography, and
applications into separate packages.
Ron
> -----Original Message-----
> From: Robert Withers [mailto:reefedjib at yahoo.com]
> Sent: Saturday, April 21, 2007 11:31 AM
> To: Ron at USMedRec.com; Cryptography Team Development List
> Subject: Re: [Cryptography Team] RFC: Consolidating the Cryptography
> library fora general release
>
> Hi Ron,
>
>
> On Apr 20, 2007, at 7:53 PM, Ron Teitelbaum wrote:
>
> > Hi Rob,
> >
> > Very cool about the SMIME work I'm looking forward to working with it.
>
> I have one last bug to fix for signatures.
>
> > There is some working and useful code in MSCerts and I need to
> > review TLS
> > for any dependencies. Also the work that I started which
> > integrates SSL
> > with Kom is there, I think in the tls package, so as long as we
> > don't delete
> > them I'm ok with renaming them. Were you planning on moving SSL
> > and SMIME
> > into another repository or just renaming them within the Cryptography
> > repository?
>
> I was just going to re-categorize them and republish them as SSL and
> SMIME, but leave them in this repository. I have already done this
> locally for SMIME, but I am waiting for the go ahead on the
> consolidation.
>
> > We originally separated them out so that someone could select which
> > components they needed.
>
> I thought it was done to assist with concurrent development, but most
> of it is stable now.
>
> > I agree with you that this introduced some load
> > dependencies. Also the size of the classes themselves is not large
> > enough
> > to really warrant their own packages. We probably introduced more
> > problems
> > and confusion then we solved. So I agree with your suggestion and
> > would
> > support having one cryptography package with all the component
> > algorithms,
> > and then separate packages for applications. I should also move my
> > KeyHolder and my PasswordSaltAndStretch somewhere. I'm not sure
> > they are
> > components but they are not really applications either. Suggestions?
>
> I think something in RC2 or something uses KeyHolder, et al. Let's
> leave them in.
>
> So you agree with my package allocation?
>
> Rob
>
> >
> > Ron
> >
> >> -----Original Message-----
> >> From: Robert Withers
> >>
> >> This is a request for comment on consolidating the Cryptography
> >> library for a general release. What I mean by that is consolidating
> >> to a single Monticello package, that would allow users to one-click
> >> load the basic library. Currently there is an implicit load order
> >> which most users don't know. We still don't have Configuration
> >> support so that isn't a solution right now.
> >>
> >> If this idea is supported, I suggest we look at all the packages and
> >> decide which are "in", then generate the Cryptography package with
> >> these packages loaded.
> >>
> >> Those packages that are not included, like Cryptography-SMIME for
> >> instance, should really be renamed to not have the Cryptography-
> >> prefix. The old versions can be deleted to keep things clean.
> >>
> >> Those packages that are selected, and are determined to be complete,
> >> could be deleted as independent packages and we would just rely on
> >> them being in the consolidated package and develop there when
> >> needed. After this first step is completed, we could reassign the
> >> classes to a more compact categorization.
> >>
> >> Below is a list of the packages. Please vote and if your vote is
> >> yes, what are your package recommendations as described below.
> >>
> >> Rob
> >>
> >> Packages:
> >> Those with a '*' in front are my suggestions as to which is to be
> >> included in Cryptography. Those with a '!' in front are my
> >> suggestions as to which should be renamed away from Cryptography-.
> >> Those with a '+++' are candidates for deletion, since they have been
> >> superseded.
> >>
> >> * Cryptography-ARC2
> >> * Cryptography-ASN1
> >> * Cryptography-Core
> >> * Cryptography-DES
> >> * Cryptography-DSA
> >> * Cryptography-ElGamal
> >> * Cryptography-MD4
> >> * Cryptography-MD5
> >> * Cryptography-PKCS12
> >> * Cryptography-RC4
> >> * Cryptography-RSA
> >> * Cryptography-RandomAndPrime
> >> * Cryptography-Rijndael
> >> * Cryptography-SHA1
> >> * Cryptography-SHA256
> >> ! Cryptography-SMIME
> >> ! Cryptography-SSL
> >> * Cryptography-Tests
> >> * Cryptography-X509
> >> +++Fortuna (this exists in RandomAndPrime)
> >> ! Cryptography-MSCerts
> >> +++Cryptography-TLS (this is superseded by SSL)
> >> OpenPGP
> >>
> >> _______________________________________________
> >> Cryptography mailing list
> >> Cryptography at lists.squeakfoundation.org
> >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> >> cryptography
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> > cryptography
More information about the Cryptography
mailing list