Comment 23 for bug 1836823

To summarize some conversation that happened in the #certbot-dev IRC channel on Freenode to make sure everyone sees it, the python-cryptography and python-idna requirements come from python-acme's dependency on requests "security" extras which we declare at https://github.com/certbot/certbot/blob/v0.31.0/acme/setup.py#L20. These are extra security features which python-requests has but to use them, you need additional dependencies.

To express this, our Debian package maintainer lifted requests' dependencies out of the python-requests package and into the python-acme package, but the requirements for the version of python-requests in Debian and Ubuntu Xenial are different. The requirements for requests "security" extras for the version in Xenial are https://github.com/psf/requests/blob/v2.9.1/setup.py#L72.

To express this, I think for both python and python3:

* The cryptography requirement should be relaxed to >=1.2.3 to match the requirement from python-acme: https://github.com/certbot/certbot/blob/v0.31.0/acme/setup.py#L12
* The ndg-httpsclient and pyasn1 dependency should be added back.
* The idna dependency should be removed.