Quoting Daniel Holth <dho...@gmail.com>:
Why are you using Ed25519 and JWS instead of PGP, S/MIME, or ECDSA?

Wheel's signing scheme is designed to protect against cryptography that is not used. Wheel tries to encourage signing by making it very fast and easy. Signature verification is encouraged by including the signature in the archive itself rather than making it a separate download, and by including a Python implementation of the entire signing system in the reference implementation. JWS and Ed25519 yield small, pure-Python implementations. Ed25519 is fast enough that public-key cryptography can be considered for applications where it was traditionally too slow to be used, so wheels can be signed without worrying about performance.
I believe this analysis of reasons for not using cryptography is incorrect. Speed never is an issue in deciding whether or not to use cryptographic algorithms, today (except for cases with very limited CPU capabilities). Instead, the primary reason for not choosing cryptography is ease-of-use.

For that reason, I still think that using an established algorithm would be the better choice. I remain -1 on this choice.

Regards,
Martin