[Cryptography-dev] Asymmetric signing primitives
Donald Stufft
donald at stufft.io
Sun Jul 27 21:01:26 CEST 2014
On July 27, 2014 at 2:58:59 PM, Glyph (glyph at twistedmatrix.com) wrote:
>
> On Jul 26, 2014, at 5:11 PM, Paul Kehrer wrote:
>
> > We’ve talked about adding alternate APIs to get the raw (r, s) tuple out of the DSA signature
> but we’ve been conflicted about whether we wanted to add a dependency on pyasn1 or if we
> just want to write some code that handles ASN.1 sequences and integers ourselves. How
> did you approach it? Filed as: https://github.com/pyca/cryptography/issues/1285
>
> Just to add my 2¢ to this debate:
>
> Let's (or, to the extent that I am lazy and have not put any PRs forward yet, "you should")
> add a dependency on pyasn1, and contribute upstream to pyasn1 if there are issues that
> make it problematic to depend upon. Much like we shouldn't have lots of ad-hoc repeated
> crypto code because of the gravity of potential errors, there shouldn't be lots of ad-hoc
> repeated asn.1 processing code, because it's just as security-critical.
>
Also because dependencies are not bad things and reimplementing logic is bad unless we have some sort of reasoning where pyasn1 is so broken that it’d be easier to start over than reuse it or the maintainer refuses to fix issues.
--
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
More information about the Cryptography-dev
mailing list