[PYTHON-CRYPTO] Requirements

Michael Ströder michael at STROEDER.COM
Tue Feb 13 08:15:40 CET 2001


Rich Salz wrote:
>
> > > * The above implies the need for unique identifiers for algorithms,
> > > protocols and vendors throughout the whole class API.
>
> Well, we already have OIDs for algorithms, and mechanisms.

Well, I thought about OIDs. I just wondered if some people here are
too scared about numeroids.

Maybe we can mandate that implementations have to handle all
identifiers as string representations of numeric OIDs internally but
have to be able to resolve user-friendly aliases in the API.

> > * Handle key exchanges and have a key "ring" that is available to all of the
> > algorithms.
>
> Keyring is an interesting idea.  I'm not sure how important it is for
> the first release. On the other hand, doing it right will overlap other
> areas, particularly if you want to implement it on top of PKCS#11,
> CryptoAPI, etc.

Well, I'm concerned to get a module which enables application
developers to write secure code. Key stores (key rings) are a very
critical thing when developing crypto-applications. If we have a
class API for key stores we would have a nice abstraction layer for
platform-dependent stuff or different security levels. During
run-time the system administrator or application chooses the
preferred type of key store needed for achieving a specific security
level.

I agree it's definitely not trivial.

> >  The key "ring" would be a separate module that checks to make sure file
> > permissions are "secure" and reads and writes keys.
>
> I'm not sure about this.  How are the keys protected?  On a windows
> platform, for example?

This would be up to the key store implementation, of course. ;-)

Ciao, Michael (very abstract today ;-).
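
An added example, not part of the original message or of any python-crypto code: a sketch of the two ideas discussed above, a key store class API with interchangeable back ends and identifiers handled internally as numeric OID strings while the API accepts aliases. The class names, the alias table and the one-file-per-OID layout are assumptions made for illustration; the file back end relies on POSIX permission bits.

```python
import os
import re
import stat

# Constructed alias table; the OID values are the registered ones.
ALIASES = {"rsa": "1.2.840.113549.1.1.1", "sha1": "1.3.14.3.2.26"}
_OID = re.compile(r"\d+(\.\d+)+")

def resolve_oid(name):
    """Map an alias or dotted string to a numeric OID; reject anything else."""
    oid = ALIASES.get(name.lower(), name)
    if not _OID.fullmatch(oid):
        raise KeyError(f"unknown algorithm identifier: {name!r}")
    return oid

class KeyStore:
    """Hypothetical base class: callers pass aliases, back ends see only OIDs."""
    def put(self, algorithm, key):
        self._store(resolve_oid(algorithm), key)
    def get(self, algorithm):
        return self._load(resolve_oid(algorithm))

class MemoryKeyStore(KeyStore):
    """Lowest protection level: keys live only in this process."""
    def __init__(self):
        self._keys = {}
    def _store(self, oid, key):
        self._keys[oid] = key
    def _load(self, oid):
        return self._keys[oid]

class FileKeyStore(KeyStore):
    """POSIX-only back end: one file per OID, readable by its owner alone."""
    def __init__(self, directory):
        self._dir = directory
    def _path(self, oid):
        return os.path.join(self._dir, oid + ".key")
    def _store(self, oid, key):
        fd = os.open(self._path(oid), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            os.fchmod(f.fileno(), 0o600)  # tighten a pre-existing file too
            f.write(key)
    def _load(self, oid):
        fd = os.open(self._path(oid), os.O_RDONLY | os.O_NOFOLLOW)
        with os.fdopen(fd, "rb") as f:
            st = os.fstat(f.fileno())  # check the opened file, not the path
            if st.st_uid != os.getuid() or st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                raise PermissionError("key file is accessible to other users")
            return f.read()
```

Because only validated OID strings reach the back end, an identifier such as `../x` is rejected before it can become part of a file name.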




