[Python-3000] 3.0 crypto
"Martin v. Löwis"
martin at v.loewis.de
Thu Sep 6 12:18:54 CEST 2007
> This gets at what most interests me -- namely, whether there's a strong
> legal barrier to including more crypto with Python than just the hashes
> we have at the moment. It sounds like the answer is 'yes', but what are
> the details?
The export permission allows for exporting "mass-market" software;
anything you can come up with likely classifies. We need to report
precisely what is included (i.e. what files contain the crypto code).
So with any release that adds new crypto features, a new report to BXA
would formally be necessary.
>> Why do you say that doing the work is not a problem? I see it as
>> a major problem.
>
> I'm willing to either do the work myself, or have someone else from the
> secops team at OLPC do it.
It's not something that a single person can do well. You will also need
to design APIs, and that traditionally involves the community. If you
create something ad-hoc, I would request that this first gets
field-proven for a few years before being included in the standard
distribution. Then, it would face competition from existing such
solutions.
> The distribution size issue can be mitigated by a reasonable choice of
> supported primitives. I don't think we need to ship the crypto kitchen
> sink with Python; we can disqualify known-broken algorithms that many
> libraries still ship, etc.
Sounds like a PEP topic.
Regards,
Martin