Paul Kehrer
Paul is a cryptographic security architect but also moonlights building AI datacenters. A founding member of the Python Cryptographic Authority, Paul has played a large part in the development of three major cryptographic libraries in Python since 2013. The principal library, pyca/cryptography, is the de facto standard cryptographic library in Python and depends heavily on OpenSSL and its forks. Paul has a focus on misuse-resistant cryptography, both for developers and implementers, and deeply believes in the need for memory safety in foundational libraries.
Session
For more than a decade, pyca/cryptography has been the most widely used cryptography library in the Python ecosystem, and for that entire period, we've relied on OpenSSL to provide core cryptographic algorithms, while also supporting various OpenSSL forks. However, we've also made changes to how we use OpenSSL in that period: we increasingly handle X.509 (including path building and parsing), as well as key parsing and serialization, ourselves. This talk will cover lessons learned and opportunities for improvement in OpenSSL, including API design, performance, and testing.