[Python-3000] 3.0 crypto
"Martin v. Löwis"
martin at v.loewis.de
Thu Sep 6 10:09:26 CEST 2007
> On the wider subject of crypto in Python, is there someone who actively
> takes care of this area and who could clarify any legal/export
> restrictions on what gets included with the source distribution?
The PSF does (more specifically, the PSF board, and even more
specifically, Tim Peters). We have registered Python with the U.S. BXA
(or whatever the name of this agency is), allowing export of Python
from the U.S. to all countries (with a few exceptions, I believe).
This is, of course, fairly immaterial, as both the Python source
code and the Python releases are located on a server in the Netherlands,
so downloading it from www.python.org is not an export from the U.S.
There are more issues, of course: some countries restrict the use
of cryptography. France is given as an example: you need to register
your cryptography keys with the government (SCSSI) before you can
use confidentiality-oriented algorithms, IIUC.
> There's good-quality, suitably licensed crypto code out there
> implementing most of the major ciphers, hashes, and asymmetric
> cryptosystems. I'd love it if we included a real set of crypto batteries
> with 3.0 that didn't depend on outside libraries, and provided more than
> just a hash or two. Doing the work isn't a problem. Is legalese?
Why do you say that doing the work is not a problem? I see it as
a major problem.
In addition, other people also see other problems, like size of the
distribution, fear of cryptography in general, and so on.
More information about the Python-3000