[Sugar-devel] [PATCH 2/2 sugar] Create new owner keys as RSA keys instead of DSA
Bernie Innocenti
bernie at sugarlabs.org
Mon Nov 28 14:44:46 EST 2011
On Tue, 2011-11-15 at 16:30 +0100, Sascha Silbe wrote:
> Excerpts from Samuel Greenfeld's message of 2011-11-15 15:23:58 +0100:
>
> > Has anyone in the security field (such as Ivan Krstić) reviewed this
> > proposal? Are there any potential performance impacts by switching key
> > types for slower systems such as the XO-1?
>
> A few quick tests have shown no significant differences in ssh-keygen
> runtime (if anything RSA key generation is faster). As stated before, no
> other piece of code does cryptographic operations with the key,

I can't check the code right now, but IIRC the schoolserver
registration and backups use an ssh key stored somewhere in ~/.sugar/.

> ECC is out of scope for this patch. The purpose is to make the key
> compatible with more software, not less. ECC support in most
> cryptographic toolkits ranges from experimental to non-existent.

Besides, EC-DSA is not available in Fedora due to some concern that Red
Hat legal is unwilling to discuss publicly:

https://bugzilla.redhat.com/show_bug.cgi?id=612265
http://lists.fedoraproject.org/pipermail/legal/2011-June/001661.html

The fear of incurring "triple damages" [1] makes software patents
even more disruptive for free software development, because we can't use
our usual communication channels to discuss the actual problem and
propose solutions.

[1] http://en.wikipedia.org/wiki/Treble_damages
--
Bernie Innocenti
Sugar Labs Infrastructure Team
http://wiki.sugarlabs.org/go/Infrastructure_Team