[Sugar-devel] [PATCH 2/2 sugar] Create new owner keys as RSA keys instead of DSA

Bernie Innocenti bernie at sugarlabs.org
Mon Nov 28 14:44:46 EST 2011


On Tue, 2011-11-15 at 16:30 +0100, Sascha Silbe wrote:
> Excerpts from Samuel Greenfeld's message of 2011-11-15 15:23:58 +0100:
> 
> > Has anyone in the security field (such as Ivan Krstić) reviewed this
> > proposal?  Are there any potential performance impacts by switching key
> > types for slower systems such as the XO-1?
> 
> A few quick tests have shown no significant differences in ssh-keygen
> runtime (if anything RSA key generation is faster). As stated before, no
> other piece of code does cryptographic operations with the key,

I can't check the code right now, but IIRC the schoolserver
registration and backups use an ssh key stored somewhere in ~/.sugar/.


> ECC is out of scope for this patch. The purpose is to make the key
> compatible with more software, not less. ECC support in most
> cryptographic toolkits ranges from experimental to non-existent.

Besides, EC-DSA is not available in Fedora due to some concern that Red
Hat legal is unwilling to discuss publicly:

  https://bugzilla.redhat.com/show_bug.cgi?id=612265
  http://lists.fedoraproject.org/pipermail/legal/2011-June/001661.html

The fear of incurring "triple damages" [1] makes software patents
even more disruptive for free software development, because we can't use
our usual communication channels to discuss the actual problem and
propose solutions.

[1] http://en.wikipedia.org/wiki/Treble_damages

-- 
Bernie Innocenti
Sugar Labs Infrastructure Team
http://wiki.sugarlabs.org/go/Infrastructure_Team


