[PYTHON-CRYPTO] Requirements

[Rich Salz]

> I'm not sure how I feel about this.  I think this could be really useful, but also really complex.

I'm repeating myself. :)  It is not all that complex, and PyXML has done
it.  I agree with Michael that this must be a "Day One" requirement.

> > * The above implies the need for unique identifiers for algorithms,
> > protocols and vendors throughout the whole class API.

Well, we already have OID's for algorithms, and mechanisms.

> > * At least in debug mode an exception should be raised if the
> > application passes wrong types of parameters to class methods of the
> > API.
> I think this should be done all of the time, not just in debug mode.  I'm curious, why do you say "at least in debug mode"?  Is there an example that
> you have in mind where you wouldn't want to know this information?

Sure.  Once my code is written I do not want to pay the overhead of
run-time typechecking.

> * Handle key exchanges and have a key "ring" that is available to all of the algorithms.

Keyring is an interesting idea.  I'm not sure how important it is for
the first release. On the other hand, doing it right will overlap other
areas, particularly if you want to implement it on top of PKCS#11,
CryptoAPI, etc.

>  The key "ring" would be a seperate module that checks to make sure file permissions are "secure" and reads and writes keys.

I'm not sure about this.  How are the keys protected?  On a windows
platform, for example?

        /r$