Tony Arcieri
Tony Arcieri
cc @shnatsel
> arguably Reduce should belong to crypto-bigint I'm not sure how that would work in such a way it would produce a scalar for a given elliptic curve > curve25519-dalek...
It would probably be good to open a separate issue for this, but to respond to this: > How I see it is that if one needs to parse a...
> I think more broadly that CurveArithmetic is tailored to much for ecdsa specifically. Other protocols (e.g., ecies, and ecqv) might also need slightly different traits. I think the main...
@fjarri we're trying to ship everything as 1.85 so it can be packaged on Debian stable, then bumping MSRV after that (now that there's an MSRV-aware resolver) --- That said,...
Ugh, `cast_unsigned` was stabilized in 1.87. I might start with that MSRV and then open a PR to downgrade the MSRV back to 1.85 so we can just revert that...
I'd like to finally push this one past the draft PR it's been sitting in for ages and land it and iterate on new features/functionality. I'm going to go ahead...
My suggested alternative for rustsec/advisory-db#2442 is `input-validation`, which could be easily retroactively applied to several existing vulnerabilities. When defining new categories, I'd also suggest looking at high level CWE classes,...
@kpcyrd CWE-20 is a toplevel class, where CWE itself is much more fine grained than our categories. See the "Relationships" section for the children of CWE-20. That's why it's discouraged:...
Regarding https://github.com/rustsec/advisory-db/pull/2442 (on second thought here), it reminds me of something like packet-in-packet attacks. I'll have to look into how those are classified in something like CWE. Edit: I think...