Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:84059 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 20897 invoked from network); 28 Feb 2015 00:23:15 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 28 Feb 2015 00:23:15 -0000 Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 173.203.187.123 as permitted sender) X-PHP-List-Original-Sender: fsb@thefsb.org X-Host-Fingerprint: 173.203.187.123 smtp123.iad3a.emailsrvr.com Linux 2.6 Received: from [173.203.187.123] ([173.203.187.123:51141] helo=smtp123.iad3a.emailsrvr.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 12/FE-32582-D6A01F45 for ; Fri, 27 Feb 2015 19:23:10 -0500 Received: from smtp16.relay.iad3a.emailsrvr.com (localhost.localdomain [127.0.0.1]) by smtp16.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id A612F180292; Fri, 27 Feb 2015 19:23:07 -0500 (EST) Received: by smtp16.relay.iad3a.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id 2EFA818021E; Fri, 27 Feb 2015 19:23:05 -0500 (EST) X-Sender-Id: fsb@thefsb.org Received: from [10.0.1.2] ([UNAVAILABLE]. [73.4.147.142]) (using TLSv1 with cipher DES-CBC3-SHA) by 0.0.0.0:465 (trex/5.4.2); Sat, 28 Feb 2015 00:23:07 GMT User-Agent: Microsoft-MacOutlook/14.4.8.150116 Date: Fri, 27 Feb 2015 19:23:02 -0500 To: Leigh CC: php-internals Message-ID: Thread-Topic: [PHP-DEV] aes_decrypt() aes_encrypt() (was Re: crypto_something) References: In-Reply-To: Mime-version: 1.0 Content-type: text/plain; charset="UTF-8" Content-transfer-encoding: 7bit Subject: Re: [PHP-DEV] aes_decrypt() aes_encrypt() (was Re: crypto_something) From: fsb@thefsb.org (Tom Worster) On 2/27/15, 4:29 PM, "Leigh" wrote: >On 27 February 2015 at 21:14, Tom Worster wrote: > >> I don't see why we couldn't sponsor an effort to encourage adoption >> of this or some such interoperability protocol. Go to FIG, see if the >> Rails, Node and Django people are interested, and so fourth... > >Feeling pretty pessimistic on this one. Each camp is going to feel >that they know best and push for their own way. If we could get a >mandate from a group of established and respected cryptographers, >maybe :) You're thinking on the right lines but you don't need actual cryptographers to win this argument. You just need expert opinion in the use of cryptography. And all the expert opinion needed is in fact available from trusted sources. Let's look at the objections. Say someone is reluctant, defending their design. Two questions: 1. Do you prefer NIH or interpretability? Clearly the interest of your users means that interoperability is the more important of these two. 2. Should your design represent correct use of the crypto primitives or not? Clearly the answer is the former. At this point the argument is won because there are few correct designs and the differences between them are trivial in comparison to interoperability. Thus anyone really digging their heals in is demonstrably either incompetent or not representing the interests of users.