[Cryptography-dev] 0.2
Alex Stapleton
alexs at prol.etari.at
Fri Jan 17 23:17:44 CET 2014
By "our ECDSA API" do you mean cryptography or PyOpenSSL?
Bindings for PyOpenSSL are relatively easy so that sounds entirely sensible :-)
(Apologies if this next part turns out to be OT.)
On the other hand the things blocking asymmetric progress in cryptography
are as I understand it:
1. Proposals and review of signing interfaces.
2. Thread safety of key generation due to the RNG. (Maybe other bits
effected by this too.)
3. Key serialisation. (PKCS needs PBES/PBKDF really, and some changes to
our symmetric interface maybe.)
4. Refactoring of OpenSSL error handling.
5. Fork safety mitigation for the OpenSSL RNG.
ECDSA might be OK without 3, which also makes 4 a lot easier as it avoids
complex error paths in OpenSSL. I think the osrandom RNG patch for 5 might
turn out to fix 2 for now as well?
Some of these issues probably effect usage in PyOpenSSL and twisted too so
maybe we can borrow some solutions from there :-)
Sent with AquaMail for Android
http://www.aqua-mail.com
On 17 January 2014 20:59:04 "Hynek Schlawack" <hs at ox.cx> wrote:
> Dear fellow makers of poorest life choices,
>
> I’d like to speak about our next release.
>
> Concretely I’d like to get out 0.2 as soon as JP gives us feedback on
> https://github.com/pyca/pyopenssl/pull/9 and our ECDH API can be considered
> finished. I believe ECDH will add enough value on it’s own to warrant a
> release; primarily it will also help move PyOpenSSL and maybe even Twisted
> forward. Having that done before PyCon would be a *great* achievement.
>
> As a teaser, Twisted trunk + PyOpenSSL master + cryptography master =
> https://gist.github.com/hynek/2f0acd65a34523028168
>
> Thoughts?
> —h
More information about the Cryptography-dev
mailing list