[Python-3000] 3.0 crypto
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Thu Sep 6 12:03:45 CEST 2007
On Sep 6, 2007, at 4:09 AM, Martin v. Löwis wrote:
> There are more issues, of course: some countries restrict the use
> of cryptography. France is given as an example: you need to register
> your cryptography keys with the government (SCSSI) before you can
> use confidentiality-oriented algorithms, IIUC.
This gets at what most interests me -- namely, whether there's a
strong legal barrier to including more crypto with Python than just
the hashes we have at the moment. It sounds like the answer is 'yes',
but what are the details?
> Why do you say that doing the work is not a problem? I see it as
> a major problem.
I'm willing to either do the work myself, or have someone else from
the secops team at OLPC do it.
> In addition, other people also see other problems, like size of the
> distribution, fear of cryptography in general, and so on.
The distribution size issue can be mitigated by a reasonable choice
of supported primitives. I don't think we need to ship the crypto
kitchen sink with Python; we can disqualify known-broken algorithms
that many libraries still ship, etc.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
More information about the Python-3000
mailing list