Re: [Python-Dev] PEP 427 comment: code signing

2012-10-22 15:23:00 -0700

Quoting Daniel Holth <[email protected]>:
> Why are you using Ed25519 and JWS instead of PGP, S/MIME, or ECDSA?
>
> Wheel's signing scheme is designed to protect against cryptography
> that is not used. Wheel tries to encourage signing by making it very
> fast and easy. Signature verification is encouraged by including
> the signature in the archive itself rather than making it a separate
> download, and by including a Python implementation of the entire
> signing system in the reference implementation.
>
> JWS and Ed25519 yield small, pure-Python implementations. Ed25519
> is fast enough that public-key cryptography can be considered for
> applications where it was traditionally too slow to be used, so
> wheels can be signed without worrying about performance.

I believe this analysis of reasons for not using cryptography is incorrect.
Speed never is an issue in deciding whether or not to use cryptographic
algorithms, today (except for cases with very limited CPU capabilities).
Instead, the primary reason for not choosing cryptography is ease-of-use.
For that reason, I still think that using an established algorithm would
be the better choice. I remain -1 on this choice.

Regards,
Martin