On 9/6/07, Ivan Krstić <[EMAIL PROTECTED]> wrote: > > On Sep 6, 2007, at 4:09 AM, Martin v. Löwis wrote: > > There are more issues, of course: some countries restrict the use > > of cryptography. France is given as an example: you need to register > > your cryptography keys with the government (SCSSI) before you can > > use confidentiality-oriented algorithms, IIUC. > > This gets at what most interests me -- namely, whether there's a > strong legal barrier to including more crypto with Python than just > the hashes we have at the moment. It sounds like the answer is 'yes', > but what are the details?
fwiw hashes are not cryptography. The distribution size issue can be mitigated by a reasonable choice > of supported primitives. I don't think we need to ship the crypto > kitchen sink with Python; we can disqualify known-broken algorithms > that many libraries still ship, etc. I see nothing wrong with leaving pycrypto as an add-on library as most things don't need it. http://www.amk.ca/python/code/crypto. The pycrypto API is is very nice. But if we were to consider it for the standard library I'd prefer it just link against OpenSSL rather than use its own C implementations and just leave platforms without ssl without any crypto. Besides the chances are that most programmers seeing a crypto library will misuse it and gain a false sense of security on what they've done. ;)
_______________________________________________ Python-3000 mailing list [email protected] http://mail.python.org/mailman/listinfo/python-3000 Unsubscribe: http://mail.python.org/mailman/options/python-3000/archive%40mail-archive.com
