--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discu...@googlegroups.com.
To post to this group, send email to keyczar...@googlegroups.com.
Visit this group at https://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to keyczar-discuss@googlegroups.com.
I have had similar thoughts of a libsodium with keyczar-like keyversion. Possibly using something like flatbuffers instead of json for the keystore, just to reduce the amount of keydata thrown about when deserializing into memory. Also making keystores more forward looking by being able to switch out algorithms as well.FlatBuffers: http://google.github.io/flatbuffers/index.html.
On Wed, Sep 7, 2016 at 11:00 AM, David Norman <dash...@gmail.com> wrote:
I tend to agree (and poor Shawn being on his own all these years).I know Andrew, Shawn and I had grand plans to do a rewrite for K2, but we all got busy with other projects and various start-ups. With Andrew back at Google he may have more time than the rest of us, so will let he and Shawn chime in. It would be great to get the rewrite under way since I have several of my own uses I could use keyczar for, but just don't have the time.
On Wed, Sep 7, 2016 at 9:55 AM, Steve Weis <stev...@gmail.com> wrote:
Keyczar is getting out of date to the point where I think it might be time to deprecate it. It is still using SHA-1, doesn't support GCM, and doesn't support ECC algorithms by default. It only supports DSA and RSA, and I wouldn't use either for new code.
There doesn't seem to be much activity or drive behind Keyczar. Shawn Willden is doing almost all the Keyczar maintenance on his own. Otherwise, Google seems to be using the internal Keymaster on BoringSSL for new projects. I know there was a K2 project in the works at one point, but that seems to have died.
Without a driving force to push new development, I think it would be hard to modernize implementations in three different languages while maintaining backward compatibility.I would probably deprecate Keyczar and suggest that users start migrating to something else. Unfortunately, I don't have a drop-in suggestion to replace it. I'd probably use libsodium with some Keyczar-like key versioning.
I might be off-target if there are people who depend on Keyczar. If that's the case, those users should probably come up with a plan to modernize Keyczar and at least deprecate outdated modes and algorithms.
I'd be happy to talk about potential replacement designs if anyone were interested.
--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discu...@googlegroups.com.
To post to this group, send email to keyczar...@googlegroups.com.
Visit this group at https://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discu...@googlegroups.com.
To post to this group, send email to keyczar...@googlegroups.com.
Visit this group at https://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discu...@googlegroups.com.
To post to this group, send email to keyczar...@googlegroups.com.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to keyczar-discuss@googlegroups.com.
Visit this group at https://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to keyczar-discuss@googlegroups.com.
Visit this group at https://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to keyczar-discuss@googlegroups.com.
Visit this group at https://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to keyczar-discuss@googlegroups.com.
Visit this group at https://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.
--
--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to keyczar-discuss@googlegroups.com.