Newsgroups: php.internals
Xref: news.php.net php.internals:110204
References: <95831d80-baa0-a57c-e83a-bc34ae62ecf5@lear.ch>
Date: Mon, 18 May 2020 12:49:54 +0100
From: Danack@basereality.com (Dan Ackroyd)
To: Eliot Lear
Cc: PHP internals
Subject: Re: [PHP-DEV] [RFC] Add CMS Support

On Mon, 18 May 2020 at 10:55, Eliot Lear wrote:
>
> there is an open question as
> to whether it should be an RFC

I don't think it should be. The questions and problems related to cryptography are far too detailed for a useful conversation to be had for anyone who doesn't understand them deeply. I certainly don't even understand all of the words in the RFC so won't comment on most of it.

This is the type of thing that is better handled by trusting release-managers and subject matter experts.

> Returns TRUE on success and FALSE on failure.

Have you considered using an exception for failures?

First, having a cryptographic function fail is bad enough that it needs to break control flow, aka it would be easy to forget to check for false. If the $outfile already existed before the call, and the error condition wasn't checked, that could lead to Bad things.

Second, I imagine there are multiple possible reasons why a crypto function could fail. If the error is just 'false', then there would be no way of figuring out what the problem is. More details could be provided in the message of an exception ("can't open file for writing", "signkey wrong format" etc) which would avoid a significant amount of frustration.

cheers
Dan
Ack
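
The failure mode described in the message above, as an added example that is not part of the original post or of the RFC's code: a bool-returning operation leaves a stale $outfile in place when its result is ignored, while a wrapper that throws breaks control flow and carries the reason. `CryptoOperationException`, `writeOrThrow` and the `$failingSign` stand-in are hypothetical names chosen for illustration; the file contents are constructed.

```php
<?php
declare(strict_types=1);

final class CryptoOperationException extends RuntimeException {} // hypothetical name

// Runs a bool-returning operation against a temporary path and replaces
// $outfile only on success; FALSE becomes an exception with details.
function writeOrThrow(string $outfile, callable $operation): void
{
    $tmp = tempnam(dirname($outfile), 'cms');
    if ($tmp === false) {
        throw new CryptoOperationException("can't create temporary file for $outfile");
    }
    try {
        if ($operation($tmp) !== true) {
            $details = [];  // drain the OpenSSL error queue if the extension is loaded
            while (function_exists('openssl_error_string')
                && ($msg = openssl_error_string()) !== false) {
                $details[] = $msg;
            }
            throw new CryptoOperationException(
                'operation failed: ' . ($details ? implode('; ', $details) : 'no detail available'));
        }
        if (!rename($tmp, $outfile)) {
            throw new CryptoOperationException("can't move result to $outfile");
        }
    } finally {
        if (is_file($tmp)) {
            unlink($tmp); // never leave partial output behind
        }
    }
}

// Constructed demonstration: $outfile already holds output from an earlier run.
$outfile = sys_get_temp_dir() . '/signed-example.p7s';
file_put_contents($outfile, 'stale output from an earlier run');
$failingSign = fn(string $path): bool => false; // stand-in for a failed signing call

// Return-value style: the FALSE is ignored and the stale file gets used.
$failingSign($outfile);
echo 'unchecked: ', file_get_contents($outfile), "\n";

// Exception style: control flow breaks and the reason travels with it.
try {
    writeOrThrow($outfile, $failingSign);
    echo "never reached\n";
} catch (CryptoOperationException $e) {
    echo 'caught: ', $e->getMessage(), "\n";
}
unlink($outfile);
```

Writing to a temporary path and renaming on success also means a caller who catches and ignores the exception still never sees partial output under the final name.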