[Python-3000] 3.0 crypto (original) (raw)
"Martin v. Löwis" martin at v.loewis.de
Thu Sep 6 10:09:26 CEST 2007
- Previous message: [Python-3000] 3.0 crypto (was: Re: Solaris support in 3.0?)
- Next message: [Python-3000] 3.0 crypto
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On the wider subject of crypto in Python, is there someone who actively takes care of this area and who could clarify any legal/export restrictions on what gets included with the source distribution?
The PSF does (more specifically, the PSF board, and even more specifically, Tim Peters). We have registered Python with the U.S. BXA (or whatever the name of this agency is), allowing export of Python from the U.S. to all countries (with a few exceptions, I believe).
This is, of course, fairly immaterial, as both the Python source code and the Python releases are located on a server in the Netherlands, so downloading it from www.python.org is not an export from the U.S.
There are more issues, of course: some countries restrict the use of cryptography. France is given as an example: you need to register your cryptography keys with the government (SCSSI) before you can use confidentiality-oriented algorithms, IIUC.
There's good-quality, suitably licensed crypto code out there implementing most of the major ciphers, hashes, and asymmetric cryptosystems. I'd love it if we included a real set of crypto batteries with 3.0 that didn't depend on outside libraries, and provided more than just a hash or two. Doing the work isn't a problem. Is legalese?
Why do you say that doing the work is not a problem? I see it as a major problem.
In addition, other people also see other problems, like size of the distribution, fear of cryptography in general, and so on.
Regards, Martin
- Previous message: [Python-3000] 3.0 crypto (was: Re: Solaris support in 3.0?)
- Next message: [Python-3000] 3.0 crypto
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]