[Cryptography-dev] 0.2

Alex Stapleton alexs at prol.etari.at
Sat Jan 18 09:58:54 CET 2014


Heh I fail. Too many damn abbreviations :-)

I think that a 0.2 aimed at PyOpenSSL is a good idea. Are there any other
issues that need sorting out? I can't remember what state the locking stuff
ended up in.



On 18 January 2014 08:14:31 "Hynek Schlawack" <hs at ox.cx> wrote:
> On 17 Jan 2014, at 23:17, Alex Stapleton wrote:
>
> > By "our ECDSA API" do you mean cryptography or PyOpenSSL?
>
> EC*DH*
>
>
> > Bindings for PyOpenSSL are relatively easy so that sounds entirely sensible :-)
> >
> > (Apologies if this next part turns out to be OT.)
> >
> > On the other hand the things blocking asymmetric progress in cryptography are as I understand it:
> >
> > 1. Proposals and review of signing interfaces.
> > 2. Thread safety of key generation due to the RNG. (Maybe other bits affected by this too.)
> > 3. Key serialisation. (PKCS needs PBES/PBKDF really, and some changes to our symmetric interface maybe.)
> > 4. Refactoring of OpenSSL error handling.
> > 5. Fork safety mitigation for the OpenSSL RNG.
> >
> > ECDSA might be OK without 3, which also makes 4 a lot easier as it avoids complex error paths in OpenSSL. I think the osrandom RNG patch for 5 might turn out to fix 2 for now as well?
> >
> > Some of these issues probably affect usage in PyOpenSSL and Twisted too so maybe we can borrow some solutions from there :-)
> >
> >
> >
> >
> >
> > On 17 January 2014 20:59:04 "Hynek Schlawack" <hs at ox.cx> wrote:
> >> Dear fellow makers of poorest life choices,
> >>
> >> I’d like to speak about our next release.
> >>
> >> Concretely I’d like to get out 0.2 as soon as JP gives us feedback on https://github.com/pyca/pyopenssl/pull/9 and our ECDH API can be considered finished. I believe ECDH will add enough value on its own to warrant a release; primarily it will also help move PyOpenSSL and maybe even Twisted forward. Having that done before PyCon would be a *great* achievement.
> >>
> >> As a teaser, Twisted trunk + PyOpenSSL master + cryptography master = https://gist.github.com/hynek/2f0acd65a34523028168
> >>
> >> Thoughts?
> >> —h
> >
> >
> > _______________________________________________
> > Cryptography-dev mailing list
> > Cryptography-dev at python.org
> > https://mail.python.org/mailman/listinfo/cryptography-dev



