Hi, On Sat, Apr 22, 2017 at 10:37 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Hi Niklas, > > On Sun, Apr 23, 2017 at 4:32 AM, Niklas Keller <m...@kelunik.com> wrote: >> >> >> What the... there were multiple concerns regarding the changes already. >> I'm hereby expressing another strong -1 on these. > > > Instead of posting your feeling, please post logic behind your idea. > Most of the changes are based on what is _written_ in the RFC 5869 > > I'm a bit tired with arguments without valid logic.
You're tired? Yasuo, the reason why you're not receiving replies unless you say "I'll commit in a few days if there are no more comments" is because everybody is tired of talking to you. If you want examples, search GitHub for PHP code utilizing HKDF - you will see that most projects use it without a salt, including https://github.com/defuse/php-encryption - pretty much the best PHP userspace crypto library today. And I'm only saying "most" because I can't be bothered to go through literally all of them; I've found NONE that do use the salt. You will also find zero projects using it for CSRF protection. The vote ended with 1 Yes (you) and 14 No; not a single person has agreed with you so far, and most have explicitly stated strong disagreement with your proposed changes. Yet you insist on pushing your *personal opinion*, ignoring everybody else and acting as if ~80 mails haven't already been exchanged. How is it even possible that you still believe that everybody is wrong and you alone are right? Give it up already. Cheers, Andrey. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
