[Zope] - Cryptography...

Andrew M. Kuchling akuchlin@cnri.reston.va.us
Wed, 30 Dec 1998 10:17:36 -0500 (EST)


In our meetings at work, if discussion appears to be bogging down, any
participant can say "This is a rat-hole" to end the discussion,
meaning roughly "This topic can be debated endlessly without coming to
any resolution."  Cryptography often winds up being such a rat-hole,
and this discussion seems equally unlikely to be productive.  I'm not
convinced it's a huge issue for Zope users; do competing products such
as Cold Fusion or Frontier support security at all if the Web server
doesn't have it?

Magnus Lie Hetland writes:
>I don't know if you guys have seen Andrew K's page on Cryptographic
>Curiosities... But it shouldn't be too hard to include for instance the
>RSA algorithm in Zope, when it can be expressed in four lines of

	A crude implementation of RSA is one thing; actually
implementing SSL -> X.509 -> PKCS is entirely another.  You'd be
better off looking at Pat Knight's UK-based SWIGging of SSLeay, and
finishing it off if you're outside of the US.  That would be really
useful, both for Python in general and Zope in particular.  (Someone
on the python-crypto mailing list reported that they actually finished
SWIGging all of SSLeay's functions; unfortunately they're in the
US...)

>(And just out of curiosity: Is it a crime to view this web page outside
>the US? ;)

	I hope not!  Seriously, those 4 lines of code aren't really
usable cryptographic systems, so I don't believe that anyone would try
to apply export controls to them.

-- 
A.M. Kuchling			http://starship.skyport.net/crew/amk/
Here you come again with your arithmetical conundrums, when I am suffering
death with a cold in the head.
    -- Mark Twain