On 2/27/15, 4:29 PM, "Leigh" <lei...@gmail.com> wrote: >On 27 February 2015 at 21:14, Tom Worster <f...@thefsb.org> wrote: > >> I don't see why we couldn't sponsor an effort to encourage adoption >> of this or some such interoperability protocol. Go to FIG, see if the >> Rails, Node and Django people are interested, and so fourth... > >Feeling pretty pessimistic on this one. Each camp is going to feel >that they know best and push for their own way. If we could get a >mandate from a group of established and respected cryptographers, >maybe :)
You're thinking on the right lines but you don't need actual cryptographers to win this argument. You just need expert opinion in the use of cryptography. And all the expert opinion needed is in fact available from trusted sources. Let's look at the objections. Say someone is reluctant, defending their design. Two questions: 1. Do you prefer NIH or interpretability? Clearly the interest of your users means that interoperability is the more important of these two. 2. Should your design represent correct use of the crypto primitives or not? Clearly the answer is the former. At this point the argument is won because there are few correct designs and the differences between them are trivial in comparison to interoperability. Thus anyone really digging their heals in is demonstrably either incompetent or not representing the interests of users. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
