Hi Frank, sorry about the delayed response. Replies inline.

On June 5, 2016 at 6:34:58 PM, Frank Siebenlist (frank.siebenl...@gmail.com) wrote:
...snip...

Questions for the pyca/cryptography community:

* Any others who share the need/dream for such a high-level, simple Fernet-style library based on jose/jwt?

There has been some conversation along these lines in https://github.com/pyca/cryptography/issues/2900 and continuing in https://github.com/pyca/cryptography/issues/2912

In general I'm in favor of pulling jwcrypto (or something like it) into cryptography. The obstacles are going to be figuring out the licensing (cryptography is Apache2/BSD dual licensed and any code contributed to it needs to be available under those licenses), discussing what (if any) API changes need to be made to fit in with the API design of the hazmat layer, and general "make the code style match cryptography".

As I've stated in issue 2912 I do feel that the JW{S,E,T} implementations belong in hazmat because the IETF specs allow bad algorithm choice. I might be okay with exposing a specifically opinionated version (e.g. your choices are taken away and cryptography selects a good choice) as a recipe. This sounds like it would meet your needs, correct?

* Did we possibly miss an existing effort that meets (most of) those requirements?

I'm not specifically familiar with any, but the world is vast. :)

* Comments? Suggestions?

Be wary of algorithmic agility. :) Fernet bakes its algorithms into the version, so a future version can change them but it will result in a version bump (a system DJB frequently argues for: https://twitter.com/hashbreaker/status/601074008013037568). I personally believe it to be a better solution than what the JOSE specs choose to provide, but I also concede there's value in something being highly interoperable even if it isn't the platonic ideal. :)

Thanks, Frank.

"From a security perspective, if you're connected, you're screwed." - Daniel J. Bernstein

_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
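To illustrate the "opinionated recipe" idea raised in the message above, here is an added example (not code from the thread, from jwcrypto, or from pyca/cryptography) of a JWS compact verifier in which the algorithm is fixed by the recipe and the token's `alg` header is only checked, never used to select code. The names `sign`, `verify`, `PINNED_ALG` and `InvalidToken`, and the choice of HS256, are assumptions made for the illustration; only the Python standard library is used.

```python
import base64
import hashlib
import hmac
import json

# Assumption: the recipe fixes one algorithm; changing it means a new recipe version.
PINNED_ALG = "HS256"

class InvalidToken(Exception):
    """Raised for any malformed, mis-labelled or tampered token."""

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign(payload: dict, key: bytes) -> str:
    """Produce a JWS compact token; the caller cannot pick the algorithm."""
    header = {"alg": PINNED_ALG, "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode("utf-8"))
             for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(_tag(signing_input, key))

def verify(token: str, key: bytes) -> dict:
    """Return the payload only if the header names PINNED_ALG and the tag matches."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        # The header is compared against the pin; it never selects the algorithm.
        if not isinstance(header, dict) or header.get("alg") != PINNED_ALG:
            raise InvalidToken("unexpected algorithm in header")
        expected = _tag(h64 + "." + p64, key)
        if not hmac.compare_digest(expected, b64url_decode(s64)):
            raise InvalidToken("signature mismatch")
        return json.loads(b64url_decode(p64))
    except ValueError as exc:  # bad base64, bad JSON, wrong number of segments
        raise InvalidToken("malformed token") from exc
```

Because verification always computes HMAC-SHA256, a token whose header names any other algorithm is rejected before the signature is examined, which is the property Fernet gets from its version byte.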