Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:86329
Return-Path: <scott@paragonie.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 7656 invoked from network); 21 May 2015 01:30:08 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 May 2015 01:30:08 -0000
Received: from [127.0.0.1] ([127.0.0.1:23095])
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ECSTREAM
	id 9C/30-05394-F153D555 for <internals@lists.php.net>; Wed, 20 May 2015 21:30:07 -0400
Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain paragonie.com from 209.85.216.169 cause and error)
X-PHP-List-Original-Sender: scott@paragonie.com
X-Host-Fingerprint: 209.85.216.169 mail-qc0-f169.google.com  
Received: from [209.85.216.169] ([209.85.216.169:35976] helo=mail-qc0-f169.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 43/10-05394-0C13D555 for <internals@lists.php.net>; Wed, 20 May 2015 21:15:45 -0400
Received: by qcir1 with SMTP id r1so32299070qci.3
        for <internals@lists.php.net>; Wed, 20 May 2015 18:15:41 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:date:message-id:subject:from:to
         :content-type;
        bh=0g/6i54Mq8iJG/X0n6hSH+uS4rG6xOIDUCAlYlz4GzM=;
        b=K1PMGNQkXLwd5/pUOFyhglwzbnT4XuYFy5PQNBtmYbc52cykZyUIPsq5GzcMaOhWt9
         LpYptb1LHd9CeuAg5CgyeRZ4vtEflex5YKc2T9gy2IcC5b1ewlGmtHiXLoa3/BElSBOX
         I8gbZlqJJuzxJ8CiqWrzFsK7d9lg4XH0AlmYZ8FuXwf7gemx1P6rPskoqvBGRMfl4bxB
         nUsnPoOxBg+u3A5CL3tnAILPipXPJk6hQ7uSIEbc9Rnwhx2HWqNENwv7SeEkRhYqz8Xb
         XlGioLhhnQclM18QetaLESvgWj9qbaXFQbuaYgfTCZH7EirTsclYUTz80qxu0+qTnFBO
         UymA==
X-Gm-Message-State: ALoCoQmhrGA9B0FP6NE2yxEkXFlLzXEn0xSaL4K/3aliodMupJeGW6p9NyKGEVTngHHtpHmqq2fm
MIME-Version: 1.0
X-Received: by 10.140.202.130 with SMTP id x124mr255306qha.9.1432170941503;
 Wed, 20 May 2015 18:15:41 -0700 (PDT)
Received: by 10.96.202.67 with HTTP; Wed, 20 May 2015 18:15:41 -0700 (PDT)
X-Originating-IP: [71.47.14.165]
Date: Wed, 20 May 2015 21:15:41 -0400
Message-ID: <CAKws9z0MVb8zAwmyW7ShkOjQOpJLEO_pdA=TnDT47nHa0x+wYQ@mail.gmail.com>
To: internals@lists.php.net
Content-Type: multipart/alternative; boundary=001a11432f1439fce405168d48f6
Subject: [RFC] [PHP 7.1] libsodium
From: scott@paragonie.com (Scott Arciszewski)

--001a11432f1439fce405168d48f6
Content-Type: text/plain; charset=UTF-8

Hi Internals Team,

I'm sure everyone is really focused (and excited) for PHP 7.0.0 later this
year, and many of you might not want to discuss what 7.1.x looks like yet.

The current state of cryptography in PHP is, well, abysmal. Our two main
choices for handling symmetric cryptography are libmcrypt (collecting dust
since 2007) and openssl, which lacks a streaming API (e.g. mcrypt_generic)
and GCM support.

While mcrypt is slowly decomposing in the corner and code is being
desperately migrated towards openssl in case a critical vulnerability is
discovered in the abandonware choice, the libsodium extension has been
growing steadily. Thanks to Remi, it should soon be compatible with both
PHP 5.x and 7.x (decided at compile-time). The libsodium library itself has
landed in Debian 8 and Ubuntu 15.04 and adoption is expected to persist by
the next Ubuntu LTS is released.

I think now is a good time to talk about the possibility of making
libsodium a core PHP extension, depending on where things are when we near
the 7.1 feature freeze.

I've just opened an RFC for precisely this purpose:
https://wiki.php.net/rfc/libsodium

Regards,

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

--001a11432f1439fce405168d48f6--