[Cryptography-dev] The one where we talk about crypto-ethics
Bryan D. Payne
bdpayne at acm.org
Fri Nov 21 00:00:10 CET 2014
Caveat: I'm more of a lurker than an active participant on this project, so
take my thoughts with the appropriate weight :-)
> My paranoid heart tells me this is wrong. Problems should be fixed in
> the place where they should be fixed. It looks to me that if there is
> something wrong with OpenSSL treating keys, then OpenSSL should be fixed.
>
I tend to agree with this. If there are fundamental issues with OpenSSL,
then they should be fixed in OpenSSL. If OpenSSL won't take the fixes,
then that's a nice motivation to add support for a new backend -- something
that would be broadly useful for this project anyway.
If all else fails, I would only advise going down this road iff you could
get buy-in from some of the true experts in the field and convince them to
provide guidance and code audits on that work. I think that there's a time
and place for training new cryptographic engineers. Some of the people on
this project are clearly well versed in the field and I suspect could do an
excellent job here. With the proper mentorship, this could be a good end
result. But you are wise to tread carefully and cautiously.
Cheers,
-bryan