9 Dec
2024
9 Dec
'24
7:20 p.m.
On Mon, Dec 9, 2024 at 11:06 AM Peter Dimov
That's a pretty basic quality of implementation issue in this domain.
High quality is always "in scope" for Boost libraries.
If it is in scope then should it be documented, with an analysis of attack vectors and how the library mitigates them? And should there be guidance for users, who also need to make sure they handle keys in ways that do not subvert the security guarantees of the library? Thanks