Newsgroups: php.doc,php.internals
Date: Thu, 13 Apr 2017 18:13:26 +0900
Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Pieter Hordijk
Cc: Joe Watkins, Andrey Andreev, "internals@lists.php.net", PHP Documentation ML

Hi Pieter,

On Thu, Apr 13, 2017 at 5:38 PM, Yasuo Ohgaki wrote:

> On Thu, Apr 13, 2017 at 5:11 PM, Pieter Hordijk wrote:
>
>> To be honest I am afraid of ending up with something like the current state
>> of the session docs. Which are imo way too broad / opinionated, non-English,
>> contain utterly confusing examples and / or flat out wrong and broken
>> examples.
>> Above already resulted in a stream of docs bugs regarding session pages
>> and a lot of confused readers.
>
> You may consider my opinion as my personal opinion. I don't know of anyone
> other than me who had that opinion then.
>
> After our session discussion, it seems OWASP adopted most of the discussed
> elements in their doc ;)

I'm not exactly sure which part you consider as personal blog.

Current session management is too loose and insecure in many ways.
Since mandatory features for precise session management are not
implemented, the doc is intermediate.

I'm willing to improve the doc and always appreciate improvement suggestions.
Feel free to send them to my personal mail address.

Required information for precise and secure session management should be in
the Precise Session Management RFC:
https://wiki.php.net/rfc/precise_session_management

I would appreciate it if someone could add the missing documentation for
precise session management.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net