On 9/4/20 7:06 AM, Phil Endecott via Boost wrote:
Mikhail Komarov wrote:
Some time ago I promised to show something about cryptography library architecture and implementation for Boost
Here's a "meta question" about the idea of having cryptography in Boost: do we think that the "Boost process" (i.e. reviews etc.) is suitable for cryptography, where the issues are somewhat different than other domains?
Lot's of interesting stuff in this little post.
If I were looking for a cryptography library, I don't think that Boost's emphasis on modern C++ best-practice and the "stamp of approval" from our review process would be my top priorities.
I think any C++ library should have that emphasis.
Rather, I would be looking for a track record of securely-implemented cryptography coming from acknowledged and trusted domain experts.
Hmmm - Perhaps some domains are so arcane, mathematical, that we don't have all the resources to properly evaluate them. Should this be case, I'm thinking we might want to recruit some of the missing resources. That make sure the reviewers include some specialized individuals. Not that particularly trust the individuals more than others, but I think with thinks like this not at a bad idea that all the different facets of such an evaluation be covered. Since it's a super important application area - the standards for acceptance would likely be higher than normal - e.g. no more acceptance with 2 reviews.
So if I were comparing this with other libraries, my first question would be "Who is Mikhail Komarov?",
We're evaluating the submission - not the submitter.
followed by "what is the Nil Foundation, and why is it registered in the Cayman Islands?".
LOL - very interesting. Shades of a James Bond villain. I would be curious to know about this though.
Regards, Phil.
Robert Ramey