[Python-Dev] PEP 427 comment: code signing

[Daniel Holth]

On Mon, Oct 22, 2012 at 6:20 PM,  <martin at v.loewis.de> wrote:
>
> Zitat von Daniel Holth <dholth at gmail.com>:
>
>
>> Why are you using Ed25519 and JWS instead of PGP, S/MIME, or ECDSA?
>>     Wheel's signing scheme is designed to protect against cryptography
>>     that is not used.  Wheel tries to encourage signing by making it very
>>     fast and easy.  Signature verification is encouraged by including
>>     the signature in the archive itself rather than making it a separate
>>     download, and by including a Python implementation of the entire
>>     signing system in the reference implementation.
>>
>>     JWS and Ed25519 yield small, pure-Python implementations.  Ed25519
>>     is fast enough that public-key cryptography can be considered for
>>     applications where it was traditionally too slow to be used, so
>>     wheels can be signed without worrying about performance.
>
>
> I believe this analysis of reasons for not using cryptography is incorrect.
> Speed never is an issue in deciding whether or not to use cryptographic
> algorithms, today (except for cases with very limited CPU capabilities).
> Instead, the primary reason for not choosing cryptography is ease-of-use.
>
> For that reason, I still think that using an established algorithm would
> be the better choice. I remain -1 on this choice.

You are right that in this application, it probably doesn't matter. In
other applications like public key authentication for individual
packets the Ed25519 performance is necessary. A relevant advantage is
the deterministic signatures property; the Playstation lost their key
because they forgot to use randomness when generating ECDSA
signatures.