[Cryptography-dev] Towards a new TLS API

[Glyph]

On Apr 17, 2014, at 7:37 AM, Christopher Armstrong <radix at twistedmatrix.com> wrote:

> as well as some bikeshedding

Some meta-bikeshedding, then, I suppose: "bikeshedding" is, by definition, futile.  Please don't encourage it.

I think you mean something more like "we need to seriously consider all possible preconceptions that our users might be approaching these libraries from, and allow for a longer-than-usual discussion of each name to ensure that it implies the correct type of object so people don't make security mistakes".

In the nuclear-power-plant metaphor, this is not "bikeshedding"; the bike shed is still equally irrelevant.  This is intentionally enduring a very long and tedious discussion about the fire suppression system which would be unnecessary in a more mundane building because when a nuclear power plant catches fire it is suuuuuper important that that stuff works, and there are unusual challenges in keeping it working (like for example some plutonium at a billion degrees burning its way to the center of the earth).

In this case, of course, the fissile material is OpenSSL.

-glyph

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20140419/5c834fab/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4124 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20140419/5c834fab/attachment.bin>