Boost logo

Boost :

From: Robert Ramey (ramey_at_[hidden])
Date: 2020-09-04 20:28:24

On 9/4/20 7:06 AM, Phil Endecott via Boost wrote:
> Mikhail Komarov wrote:<>
>> Some time ago I promised to show something about cryptography library
>> architecture and implementation for Boost
> Here's a "meta question" about the idea of having
> cryptography in Boost: do we think that the "Boost
> process" (i.e. reviews etc.) is suitable for
> cryptography, where the issues are somewhat different
> than other domains?

Lot's of interesting stuff in this little post.

> If I were looking for a cryptography library, I don't
> think that Boost's emphasis on modern C++ best-practice
> and the "stamp of approval" from our review process
> would be my top priorities.

I think any C++ library should have that emphasis.

> Rather, I would be looking
> for a track record of securely-implemented cryptography
> coming from acknowledged and trusted domain experts.

Hmmm - Perhaps some domains are so arcane, mathematical, that we don't
have all the resources to properly evaluate them. Should this be case,
I'm thinking we might want to recruit some of the missing resources.
That make sure the reviewers include some specialized individuals. Not
that particularly trust the individuals more than others, but I think
with thinks like this not at a bad idea that all the different facets of
such an evaluation be covered. Since it's a super important application
area - the standards for acceptance would likely be higher than normal -
e.g. no more acceptance with 2 reviews.

> So if I were comparing this with other libraries, my
> first question would be "Who is Mikhail Komarov?",

We're evaluating the submission - not the submitter.

> followed
> by "what is the Nil Foundation, and why is it registered
> in the Cayman Islands?".

LOL - very interesting. Shades of a James Bond villain. I would be
curious to know about this though.

> Regards, Phil.

Robert Ramey

Boost list run by bdawes at, gregod at, cpdaniel at, john at