Bug#1109574: RFP: python-lakers-python -- an implementation of the EDHOC protocol (RFC9528) providing key establishment for constrained ("IoT") devices

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1109574: RFP: python-lakers-python -- an implementation of the EDHOC protocol (RFC9528) providing key establishment for constrained ("IoT") devices
From: chrysn <chrysn@fsfe.org>
Date: Sun, 20 Jul 2025 11:23:28 +0200
Message-id: <[🔎] aHy1kDlQLqxJx0bF@hephaistos.amsuess.com>
Reply-to: chrysn <chrysn@fsfe.org>, 1109574@bugs.debian.org

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: Mazen Neifer <mazen@debian.org>

* Package name    : python-lakers-python
  Version         : 0.5.0
  Upstream Contact: Geovane Fedrecheski, Christian Amsüss <chrysn@fsfe.org>
* URL             : https://lakers.readthedocs.io/en/latest/
* License         : BSD-3-Clause
  Programming Lang: Python package written in Rust
  Description     : an implementation of the EDHOC protocol (RFC9528) providing key establishment for constrained ("IoT") devices

Lakers is an implementation of EDHOC (RFC9528), which is part of setting
up object security for constrained devices (also called "IoT" devices),
e.g. for CoAP OSCORE (RFC7252, RFC8613).

This package contains Python wrappers for the library.

---

This package is an recommended dependency of the python3-aiocoap
package. While CoAP has security modes that can do without this, they
are all flawed (in general as a matter of personal opinion, and in this
implementation of CoAP as a matter of fact).

The underlying Rust library, lakers, is itself so far unpackaged, but it
and all its dependencies should be as smooth sailing packaging-wise as a
Rust crate can be (and I hope that's very smooth). The Rust tree of
dependencies thar are unpackaged is, as I understand:

- lakers
  - lakers-shared, lakers-crypto-rustcrypto, lakers-ead-authz (all in
    this workspace, so this might become one source package I think)
  - defmt-or-log
    - defmt-or-log-macros
  - hax-lib, hax-lib-macros (hax does formal verification, but the crate
      is an almost-no-op that merely enables the annotations that the
      formal verification needs)

I am part of the upstream team for this package, so if there's anything
we can do to simplify packaging, please just let me know.

Brief note on the name: it's python-lakers-python because the PyPI name
is lakers-python because Rust crate was named that way originally --
it's kind of odd, especially as the Python module is named lakers, but I
wouldn't know how to compatibly improve things there (especially given
that the name "lakers" is taken for a test upload in PyPI).

I haven't done enough Debian packaging recently to wrap this all on my
own. However, if the packages are created in the team repos, I'll be
happy to patch things whenever we release a new version.

Thanks
chrysn

-- 
Build a man a fire, and he'll be warm for a day. Set a man on fire, and
he'll be warm for the rest of his life.
  -- Terry Pratchett (attributed)

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Bug#537499: marked as done (RFP: weaveserver -- Secure data sharing server for firefox/iceweasel)
Next by Date: Bug#1109578: ITP: mediawiki-extension-openidconnect -- MediaWiki extension for authentication using OpenID Connect
Previous by thread: Bug#537499: marked as done (RFP: weaveserver -- Secure data sharing server for firefox/iceweasel)
Next by thread: Bug#1109578: ITP: mediawiki-extension-openidconnect -- MediaWiki extension for authentication using OpenID Connect
Index(es):
- Date
- Thread