Newsgroups: php.internals
Message-ID: <3a29a00b-6841-4af7-b1db-848d9e42b7da@phpunit.de>
Date: Mon, 20 Apr 2026 15:47:06 +0200
From: sebastian@phpunit.de (Sebastian Bergmann)
To: internals@lists.php.net
Subject: [PHP-DEV] PQC readiness beyond OpenSSL/sodium

Hi!

I recently read Paragon Initiative's post "Post-Quantum Cryptography for the PHP Community" [1] and have been following the broader PQC discussions, particularly Google's and Cloudflare's migration timelines, which seem to be pulling the industry's expectations forward quite a bit.

I want to stress upfront: I am not a security expert, and this question may be naive. I'm asking to understand whether there's anything that needs to be done on the language/runtime side.

My working assumption has been that the heavy lifting for PQC in PHP will come through the libraries that ext/openssl and ext/sodium wrap, in other words, that once OpenSSL ships stable ML-KEM / ML-DSA / hybrid primitives and libsodium follows suit, exposing them in PHP is largely a matter of binding new functions and constants, similar to how past algorithms were added. Paragon's ext-pqcrypto and pqcrypto_compat seem to cover the gap in the meantime.

What I'm less sure about is whether there are PHP-specific concerns beyond "wait for the libraries." A few things I've wondered about, though I may be framing them wrong:

* Whether the substantially larger key/signature/ciphertext sizes of PQC algorithms interact badly with any internal assumptions in PHP (string handling is presumably fine, but things like stream buffer defaults, TLS-related INI defaults, or session serialization come to mind).

* Whether anything in the bundled extensions that does its own crypto (PHAR signatures, password_hash, openssl_* wrappers, PHP's own TLS stream context options) will need design-level decisions rather than just new constants — e.g., how hybrid KEMs get surfaced in stream contexts, or whether PHAR will gain PQ signature support.

* Whether there's an expectation that PHP tracks a minimum OpenSSL version that supports PQC by some date, and what that might mean for distros.

* Whether any of this warrants an RFC-level discussion now rather than closer to 2029.

Is any of the above already being tracked or discussed? Are there concerns I'm missing entirely? I'd rather ask a possibly-dumb question now than find out in 2028 that something obvious was overlooked. :-)

Thanks for your time,
Sebastian

-- 
Sebastian Bergmann
https://phpunit.expert

Stay up to date with PHPUnit:
https://phpunit.expert/newsletter