I agree that there is no need to have separate packages for cryptography. Our original goal was to allow separate base algorithms to be loaded individually but there have already been a number of problems with dependencies, especially the need to load MD5 before other packages. I agree with your assessment, and baring no other objections from the team, I would support consolidating base algorithms into Cryptography, and applications into separate packages.
Ron
-----Original Message----- From: Robert Withers [mailto:reefedjib@yahoo.com] Sent: Saturday, April 21, 2007 11:31 AM To: Ron@USMedRec.com; Cryptography Team Development List Subject: Re: [Cryptography Team] RFC: Consolidating the Cryptography library fora general release
Hi Ron,
On Apr 20, 2007, at 7:53 PM, Ron Teitelbaum wrote:
Hi Rob,
Very cool about the SMIME work I'm looking forward to working with it.
I have one last bug to fix for signatures.
There is some working and useful code in MSCerts and I need to review TLS for any dependencies. Also the work that I started which integrates SSL with Kom is there, I think in the tls package, so as long as we don't delete them I'm ok with renaming them. Were you planning on moving SSL and SMIME into another repository or just renaming them within the Cryptography repository?
I was just going to re-categorize them and republish them as SSL and SMIME, but leave them in this repository. I have already done this locally for SMIME, but I am waiting for the go ahead on the consolidation.
We originally separated them out so that someone could select which components they needed.
I thought it was done to assist with concurrent development, but most of it is stable now.
I agree with you that this introduced some load dependencies. Also the size of the classes themselves is not large enough to really warrant their own packages. We probably introduced more problems and confusion then we solved. So I agree with your suggestion and would support having one cryptography package with all the component algorithms, and then separate packages for applications. I should also move my KeyHolder and my PasswordSaltAndStretch somewhere. I'm not sure they are components but they are not really applications either. Suggestions?
I think something in RC2 or something uses KeyHolder, et al. Let's leave them in.
So you agree with my package allocation?
Rob
Ron
-----Original Message----- From: Robert Withers
This is a request for comment on consolidating the Cryptography library for a general release. What I mean by that is consolidating to a single Monticello package, that would allow users to one-click load the basic library. Currently there is an implicit load order which most users don't know. We still don't have Configuration support so that isn't a solution right now.
If this idea is supported, I suggest we look at all the packages and decide which are "in", then generate the Cryptography package with these packages loaded.
Those packages that are not included, like Cryptography-SMIME for instance, should really be renamed to not have the Cryptography- prefix. The old versions can be deleted to keep things clean.
Those packages that are selected, and are determined to be complete, could be deleted as independent packages and we would just rely on them being in the consolidated package and develop there when needed. After this first step is completed, we could reassign the classes to a more compact categorization.
Below is a list of the packages. Please vote and if your vote is yes, what are your package recommendations as described below.
Rob
Packages: Those with a '*' in front are my suggestions as to which is to be included in Cryptography. Those with a '!' in front are my suggestions as to which should be renamed away from Cryptography-. Those with a '+++' are candidates for deletion, since they have been superseded.
- Cryptography-ARC2
- Cryptography-ASN1
- Cryptography-Core
- Cryptography-DES
- Cryptography-DSA
- Cryptography-ElGamal
- Cryptography-MD4
- Cryptography-MD5
- Cryptography-PKCS12
- Cryptography-RC4
- Cryptography-RSA
- Cryptography-RandomAndPrime
- Cryptography-Rijndael
- Cryptography-SHA1
- Cryptography-SHA256
! Cryptography-SMIME ! Cryptography-SSL
- Cryptography-Tests
- Cryptography-X509
+++Fortuna (this exists in RandomAndPrime) ! Cryptography-MSCerts +++Cryptography-TLS (this is superseded by SSL) OpenPGP
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ cryptography
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ cryptography