[Updated] Feedback Request: Botan / Cryptography Community Project Proposal

ApothecaLabs · September 27, 2023, 5:03pm

Its been a week since I posted in the project devlog about the initial submission the Botan / Cryptography Community Project Proposal, without much fanfare or fuss. For those who haven’t been living in the devlog with me, this might easily have escaped your notice. As such, it was keenly suggested that I post this in its own topic, for better visibility and coordination.

Last week, I officially submitted my initial draft of the Botan / Cryptography Community Project Proposal to the Haskell Foundation - this proposal was several weeks in the making, so many thanks to all who have already provided feedback, please keep it coming

If you are a member of the Haskell Cryptography Group then your response is especially desired!

You can read and comment on the PR, and the rendered version can be found here.

I’ll be updating the proposal some time this week to reflect the new learnings, questions, and concerns that have been brought up so far.

Kleidukos · September 27, 2023, 8:12pm

I’m on it, thank you.

mouse07410 · October 5, 2023, 3:24pm

This proposal is an excellent idea, and will be very useful. Especially given how well and aggressively Botan is maintained.

On the downside, while most of the current code of the “Botan Haskell” compiles, the only meager description how to use it seems outdated.

It would be great if there was a short document describing how to build and run a sample code, given system-wide installed Botan library, and compiled “Botan Haskell” somewhere on the local filesystem.

Thanks for the effort!

solrize · October 6, 2023, 1:46am

Is there a deadline for submissions? I just heard about this from Lemmy. I’ve done some industrial crypto implementation and I do want to post some comments, but it will take me a few days due to RL stuff. I only manage to take a quick glance at the proposal for now. I prefer to post here or on the Haskell gitlab rather than on Microsoft. I hope that is ok.

Vlix · October 6, 2023, 10:58am

I don’t think there will be a deadline for comments any time soon, so take your time and share your comments when RL stuff settles down and you have the time to take a look

ApothecaLabs · October 6, 2023, 3:30pm

@mouse07410

Thanks! Better build instructions and examples / tutorials are definitely on the horizon, once the low-level stuff is solid.

@solrize
I’ve been putting together an update to the proposal based on the 50+ pieces of feedback that I’ve gotten so far, and then I’ll be wanting to get feedback on that, so there’s no rush

mouse07410 · October 6, 2023, 6:35pm

Better build instructions and examples / tutorials are definitely on the horizon, once the low-level stuff is solid.

In my opinion, delaying with instructions etc. until low-level stuff is solid is not beneficial - because it greatly limits the exposure of your code to other users, thus preventing them from spotting and reporting bugs rather sooner than later.

ApothecaLabs · October 9, 2023, 6:41pm

Proposal update time!

The proposal has been updated to account for all of the feedback provided thus far. There have been a good number of changes and improvements:

Narrowing of focus to Botan bindings
Removal of confusing ‘leg’ terminology
High-level abstractions have been removed in favor of a future proposal
Clarification of goals
Added build instructions and CI as a goal
Added test vectors as a goal
Improved problem statement, risks, stakeholders

Thanks to everyone who has so far contributed. Working with everyone here keeps everything at a reasonable scale, tight and in the now. The additional insight and tact that you all have provided have made this document a far more thorough and accurate proposal than I would have otherwise achieved.

@mouse07410 You are correct. I’ve moved build instructions up in priority from Important to Urgent-and-Important

ApothecaLabs · October 12, 2023, 4:51pm

Final proposal update time? Final call for feedback!

I’ve updated the proposal again, changes are minor this time:

Wording improvements
cryptohash-* variants mentioned
Clarification of ownership
Clarified that Boolean proposal is out of scope
Added tasty-bench benchmarks for Bcrypt and SHA3 to performance section

This is intended to be the final draft, and this is the final call for feedback - unless there is any further feedback that necessitates editing, I’ll be officially submitting it as the final draft proposal on Monday.

ApothecaLabs · October 16, 2023, 4:28pm

Proposal final draft (I hope)

I have updated the proposal again in response to the recent feedback:

Improved NaCl description
Improved cryptocurrency section in problem statement
Improved quantum computing mention
Improved botan vs botan-low description
Added Future Work section

Barring any additional feedback, I am satisfied with this as a final draft of this proposal.

ApothecaLabs · October 20, 2023, 4:54pm

There has been no additional feedback since the last update, and so I suppose now it is time to move on to the final step of this proposal, and officially ask the TWG committee to give a recommendation.

Thanks to everyone who gave feedback for participating!