Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:90461
Return-Path: <fsb@thefsb.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 33780 invoked from network); 10 Jan 2016 21:01:40 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 10 Jan 2016 21:01:40 -0000
Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 173.203.187.67 as permitted sender)
X-PHP-List-Original-Sender: fsb@thefsb.org
X-Host-Fingerprint: 173.203.187.67 smtp67.iad3a.emailsrvr.com Linux 2.6
Received: from [173.203.187.67] ([173.203.187.67:38746] helo=smtp67.iad3a.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 04/FF-14657-3B6C2965 for <internals@lists.php.net>; Sun, 10 Jan 2016 16:01:40 -0500
Received: from smtp9.relay.iad3a.emailsrvr.com (localhost.localdomain [127.0.0.1])
	by smtp9.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 49723380382;
	Sun, 10 Jan 2016 16:01:37 -0500 (EST)
X-Auth-ID: fsb@thefsb.org
Received: by smtp9.relay.iad3a.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id 88959380387;
	Sun, 10 Jan 2016 16:01:36 -0500 (EST)
X-Sender-Id: fsb@thefsb.org
Received: from [10.0.1.2] (c-66-30-62-12.hsd1.ma.comcast.net [66.30.62.12])
	(using TLSv1 with cipher DES-CBC3-SHA)
	by 0.0.0.0:465 (trex/5.5.4);
	Sun, 10 Jan 2016 16:01:37 -0500
User-Agent: Microsoft-MacOutlook/14.5.9.151119
Date: Sun, 10 Jan 2016 16:01:33 -0500
To: Scott Arciszewski <scott@paragonie.com>
CC: Pierre Joye <pierre.php@gmail.com>,
	PHP Internals <internals@lists.php.net>
Message-ID: <D2B82CDB.6A25B%fsb@thefsb.org>
Thread-Topic: [PHP-DEV] [RFC] Libsodium
References: <CAKws9z1g24rD=t92+9xKtO=3PuwQ3_N=L36gmVMqCC84CoqipQ@mail.gmail.com>
 <CAEZPtU7-Lk=jGsTQgRZOvBpcPPgdX3V-23=3_k9CXbmxU77V1A@mail.gmail.com>
 <CAKws9z248Kj=0qTLPZik0Ki1_zGPq+4fr6HQi_keeVCso1S4eQ@mail.gmail.com>
 <CAEZPtU7NpPWn0MsXjbFw9gNvRxm98XkHFk=RvQ1v0hRqcdGS3w@mail.gmail.com>
 <5692BC8F.4030503@thefsb.org>
 <CAKws9z2KirJremaN56qS4u=okjtnWKzTkMSBBWoZbxm0LurDig@mail.gmail.com>
In-Reply-To: <CAKws9z2KirJremaN56qS4u=okjtnWKzTkMSBBWoZbxm0LurDig@mail.gmail.com>
Mime-version: 1.0
Content-type: text/plain;
	charset="UTF-8"
Content-transfer-encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] Libsodium
From: fsb@thefsb.org (Tom Worster)

On 1/10/16, 3:39 PM, "Scott Arciszewski" <scott@paragonie.com> wrote:

>On Sun, Jan 10, 2016 at 3:18 PM, Tom Worster <fsb@thefsb.org> wrote:
>> On 1/7/16 11:24 AM, Pierre Joye wrote:
>>>
>>> What I do not like too much is the addition of an extension with
>>> (relatively) low level functions for one specific library. It does not
>>> really matter how good is this specific library, I simply do not see
>>> such addition as a good strategic move.
>>
>>
>> I also worry that it's yet another thing to maintain. The more API you
>>offer
>> to the PHP programmer, the more responsibility you take on.
>>
>> Tom
>
>Except two things:
>
>1. I'm trying to get rid of mcrypt, bringing the net change of
>cryptography libraries to maintain to 0, but still improving the
>cryptography library availability significantly.
>2. I'm willing to maintain it, so you're gaining manpower with this
>change.
>
>I'd argue that, strategically, what I've proposed across several RFCs
>is superior to maintaining the status quo.

A high-level API that plugs into Sodium, Open,Libre,BoringSSL (and maybe
etc.) in addition to a low-level libsodium API is more responsibility in
total than only high-level API. So "relative to the status quo" isn't the
only interesting perspective.

Unless I misunderstand your proposal. Are you saying that you are only
interested in working on the high-level API if libsodium moves to core? In
that case the other perspective isn't relevant.

Tom