Pure Python HTTPS Server

[Paul Rubin]

trevp at trevp.net (Trevor Perrin) writes:
> >  I proposed a standard block cipher API and wrote a
> > sample implementation last year,
> 
> I like that API.  I wonder if there's any performance issues in
> separating the codebook from the mode-of-operation, but I haven't
> thought about that much.

If needed, the C-level API can be expanded so codebook modules have a
way to communicate directly with the modes-of-operation module,
without needing to do Python attribute lookups all the time.  But even
without that optimization, I don't think the performance issues should
be so bad.  The attribute lookup shouldn't be any slower than a
codebook call, so if you do it just once when you invoke a chaining
mode, the overhead for large buffers should be minimal.

> Yeah, I thought things were pretty liberalized these days.  US Export
> isn't a problem.  I guess a few countries still have import issues,
> but providing a no-crypto distribution that omits a few modules seems
> like it would take care of that.

I think that got debated at some length, but I wasn't around for it.

> > I haven't pursued the issue since then, but I guess I can do some
> > more work on the code now.
> 
> I'd be happy to help, or cheerlead, or anything.  Is this something
> that belongs on the python-crypto list?

I dunno, discussions on that list tend to go around in circles.  There
were a couple of unresolved questions about the API that I've now
forgotten.  I guess I should dig up that code and look at it again.

Do you happen to have a pure-Python DES implementation around?  I
started writing one once, but it had some bug (i.e. it didn't pass
FIPS test vectors) that I never got around chasing down.

Did you ever look at the key management scheme I circulated a while
back?  Is it the kind of thing anyone cares about?