New Python block cipher API, comments wanted
Chad Netzer
cnetzer at mail.arc.nasa.gov
Tue Jan 28 17:02:16 EST 2003
On Tuesday 28 January 2003 12:34, Paul Rubin wrote:
> I do want to get a package into the 2.3 release.
Pardon me for asking Paul, but why the rush? 'Haste' and 'Cryptography
toolkit implementation' are two phrases that do not seem like they
should go together. I appreciate your enthusiasm, but I can't help but
think, if you are aiming to get this into the standard python
distribution, that you should be shooting for the NEXT version of
python (say 2.4), to let your interface and implementation have time to
settle out. PEP 2 would seem to indicate that you will need to build
some consensus to actually get your module accepted.
You seem to be responding (at least in part) to PEP 272, which has an
alternate design for a cryptography module (or modules). Wouldn't it
be best to respond to that PEP, and update it, or perhaps put forth
another PEP for people to consider? Also, there are other python
cryptography toolkits, why should yours be included and not theirs
(especially when they've been around longer, and probably have more
users). I'd hate to see multiple toolkits put in just because everyone
was too hasty for the API to settle down and show its worth.
In the mean time, I'd say get a place where people can publicly discuss
your module (I'll subscribe to python crypto mailing list), and track
revisions. Also, get the test vectors included and working, so you can
make changes without fear of unknowingly breaking the cipher. And
when you distribute a tar file, make sure it untars into a
subdirectory, not the directory of the tar file (which is annoying,
especially if the number of files grows large)
In any case, I haven't fooled around w/ cryptography since my Java days
(when I did my graduate coursework in it), and now that there are some
good Python alternatives, I might get back into it. But you need to
allow people time to use your module before you can get reasonable
feedback on it (IMO).
--
Bay Area Python Interest Group - http://www.baypiggies.net/
Chad Netzer
(any opinion expressed is my own and not NASA's or my employer's)
More information about the Python-list
mailing list