New Python block cipher API, comments wanted

Chad Netzer cnetzer at mail.arc.nasa.gov
Tue Jan 28 17:02:16 EST 2003 

On Tuesday 28 January 2003 12:34, Paul Rubin wrote:

> I do want to get a package into the 2.3 release.

Pardon me for asking Paul, but why the rush?  'Haste' and 'Cryptography 
toolkit implementation' are two phrases that do not seem like they 
should go together.  I appreciate your enthusiasm, but I can't help but 
think, if you are aiming to get this into the standard python 
distribution, that you should be shooting for the NEXT version of 
python (say 2.4), to let your interface and implementation have time to 
settle out.  PEP 2 would seem to indicate that you will need to build 
some consensus to actually get your module accepted.

You seem to be responding (at least in part) to PEP 272, which has an 
alternate design for a cryptography module (or modules).  Wouldn't it 
be best to respond to that PEP, and update it, or perhaps put forth 
another PEP for people to consider?  Also, there are other python 
cryptography toolkits, why should yours be included and not theirs 
(especially when they've been around longer, and probably have more 
users).  I'd hate to see multiple toolkits put in just because everyone 
was too hasty for the API to settle down and show its worth.

In the mean time, I'd say get a place where people can publicly discuss 
your module (I'll subscribe to python crypto mailing list), and track 
revisions.  Also, get the test vectors included and working, so you can 
make changes without fear of unknowingly breaking the cipher.  And 
when you distribute a tar file, make sure it untars into a 
subdirectory, not the directory of the tar file (which is annoying, 
especially if the number of files grows large)

In any case, I haven't fooled around w/ cryptography since my Java days 
(when I did my graduate coursework in it), and now that there are some 
good Python alternatives, I might get back into it.  But you need to 
allow people time to use your module before you can get reasonable 
feedback on it (IMO).


-- 
Bay Area Python Interest Group - http://www.baypiggies.net/

Chad Netzer
(any opinion expressed is my own and not NASA's or my employer's)

More information about the Python-list mailing list