Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:90468
Return-Path: <scott@paragonie.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 46779 invoked from network); 10 Jan 2016 22:22:06 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 10 Jan 2016 22:22:06 -0000
Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain paragonie.com from 209.85.217.171 cause and error)
X-PHP-List-Original-Sender: scott@paragonie.com
X-Host-Fingerprint: 209.85.217.171 mail-lb0-f171.google.com  
Received: from [209.85.217.171] ([209.85.217.171:35285] helo=mail-lb0-f171.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 53/72-14657-A89D2965 for <internals@lists.php.net>; Sun, 10 Jan 2016 17:22:05 -0500
Received: by mail-lb0-f171.google.com with SMTP id bc4so244895313lbc.2
        for <internals@lists.php.net>; Sun, 10 Jan 2016 14:22:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paragonie-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=bdyLyYDjt8kZ1kY5rCUbnUqxntf+XJEA0mOF0a1fByA=;
        b=B47duCvYQzeHy0FnNuRB8ITW4GsZd1jAtdp5vkgFmYwuOBetCwCXjk1FOolYZIlXDr
         XII8UVBgyxHbcOQYt17A0hGpYXfpvlt1sOCowjVOAZWRdsE5u+q03O79CTJL37dY9qbO
         Bfx3qcdz3ZPSU+4jFl9lsT0RjG1bwx3snLrdRlR8iwUN4ey8W4ZXDXtsLLhRU135yn7T
         ma06PEb0jZAkIDUbPU+y5oncWpi4DHoy7SLExlMjYTOxUIXq25NtN1w+FT71mNP6LVYl
         vHY62J7o3LIaXYEFEnWqlDJtPSqjPIsBxEtktoz98CN02zCTA+/IMFyUND4wJl8F+AwU
         6LgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:cc:content-type;
        bh=bdyLyYDjt8kZ1kY5rCUbnUqxntf+XJEA0mOF0a1fByA=;
        b=PsTEB9qFW3Gll0zf9+fOFRrYUHGGOWGYOjFFyKu7BEioNftE0Od8p36Amr9/VKZkxs
         Q4sT34Z5ZMIzdoXIQMdlzsb9plOlOsJr0PaLRwueMmJjkB5lA08O5eYpG2D2BaczmDmf
         Ovz+NxhZc7gne4JitzpH9k79oB58dWg/cNMgfkblyaGK8yvOH+PZIX+L+11e23+H+UPq
         bViOKFvPwRPOFX2QOZ2XnzySnacaHl2H9wuC7FzNbV2oH3oogOKEMvWCs9EqfxN0wquF
         ZNKoGEnw9/M7HhUkA8JXTo4mRuevcSktrWL9AVpDfRXOs0pV+00P7HTUpkECuTE5LKmT
         E9dw==
X-Gm-Message-State: ALoCoQmdQ+d/2F/ER2OJwF6qH/i8xO64Z6qzy4CCLfnmudiGqHG0BFQex5Me38LkXcaskqlljhIBOOsoiX0iFcheDzjmpdOe+Q==
MIME-Version: 1.0
X-Received: by 10.112.143.163 with SMTP id sf3mr8367941lbb.117.1452464520234;
 Sun, 10 Jan 2016 14:22:00 -0800 (PST)
Received: by 10.114.160.13 with HTTP; Sun, 10 Jan 2016 14:22:00 -0800 (PST)
In-Reply-To: <5692D424.2010908@gmail.com>
References: <CAKws9z1g24rD=t92+9xKtO=3PuwQ3_N=L36gmVMqCC84CoqipQ@mail.gmail.com>
	<CAEZPtU7-Lk=jGsTQgRZOvBpcPPgdX3V-23=3_k9CXbmxU77V1A@mail.gmail.com>
	<CAKws9z248Kj=0qTLPZik0Ki1_zGPq+4fr6HQi_keeVCso1S4eQ@mail.gmail.com>
	<5692CDB6.5050905@gmail.com>
	<CAKws9z1e_+XOzsojz9gW-zzswhaK7h+HothhTWWVSvDQXri2zA@mail.gmail.com>
	<5692D424.2010908@gmail.com>
Date: Sun, 10 Jan 2016 17:22:00 -0500
Message-ID: <CAKws9z15+U6F+ywskEfxVqhmqgTWUrmXtZERuKsHjusE+SanyQ@mail.gmail.com>
To: Rowan Collins <rowan.collins@gmail.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC] Libsodium
From: scott@paragonie.com (Scott Arciszewski)

On Sun, Jan 10, 2016 at 4:59 PM, Rowan Collins <rowan.collins@gmail.com> wrote:
> On 10/01/2016 21:41, Scott Arciszewski wrote:
>>
>> Hi Rowan,
>>
>>> >I think what people are suggesting is not that libsodium shouldn't be
>>> >supported under-the-hood, just that the fact you're using it shouldn't
>>> > be
>>> >exposed to userland.
>>
>> These are separate concerns. Let's call them Sodium and SimpleSodium.
>>
>> With Sodium, power users gain the ability to write software that
>> directly uses low-level primitives in PHP without requiring their
>> users to install dependencies (i.e. from PECL). [
>>
>> SimpleSodium is a driver for the simple cryptography wrapper.
>
>
> As noted on the other thread, I think what people are looking for is
> actually somewhere between the two - something for power users to use
> *without tying their code to libsodium*. Code written using mcrypt_*
> functions is now facing an annoying upgrade path; code written with sodium_*
> functions now may face the same some years in the future, who knows?
>
> PHP should not be maintaining its own low-level implementations of crypto,
> but it should seem to the user as though it does - they should be asking PHP
> for a particular cipher / mode / etc, not asking libsodium for one via a
> thin PHP wrapper.
>
>
>> You can have SimpleSodium without Sodium, but if we don't get Sodium into
>> core
>> I will, personally, not be putting forth one more ounce of time or
>> effort into helping the PHP core so who knows maybe not?
>
>
> Obviously, this is entirely your prerogative, but it seems quite a
> black-and-white stance - maybe leave a bit of leeway for understanding other
> people's concerns before threatening to abandon work which would be very
> much appreciated.
>
>
> Regards,
>
> --
> Rowan Collins
> [IMSoP]
>
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Hi Rowan,

> As noted on the other thread, I think what people are looking for is
> actually somewhere between the two - something for power users to use
> *without tying their code to libsodium*. Code written using mcrypt_*
> functions is now facing an annoying upgrade path; code written with sodium_*
> functions now may face the same some years in the future, who knows?

And I'm of the opinion that most users need a library that does
everything for them, and power users need a toolkit, and we shouldn't
try to solve both use cases with the same library. Some people might
be allergic to having two separate tools for two separate jobs, but I
am not one of them. Power-users will need low-level cipher
implementations, most developers will only write insecure code if we
let them.

If libsodium gets obsoleted (unlikely), it will be because of the
availability of practical quantum computers, which also obsoletes
openssl and all existing public-key cryptography. Mcrypt is unique in
that it was completely abandoned (and poorly designed, to boot) after
adoption. I don't think this is a meaningful discussion to have right
now, given how widespread it is.

https://download.libsodium.org/doc/bindings_for_other_languages/index.html

> PHP should not be maintaining its own low-level implementations of crypto,
> but it should seem to the user as though it does - they should be asking PHP
> for a particular cipher / mode / etc, not asking libsodium for one via a
> thin PHP wrapper.

There is little in common between openssl and libsodium. Go look at
the cipher options in libsodium; it forces you to use conservative,
secure ciphers. OpenSSL lets you encrypt in DES-ECB without complaint.

> Obviously, this is entirely your prerogative, but it seems quite a
> black-and-white stance - maybe leave a bit of leeway for understanding other
> people's concerns before threatening to abandon work which would be very
> much appreciated.

I'm just letting it be known now where I stand with this now rather
than later, so if this libsodium initiative doesn't pass and I
suddenly drop off internals and delete the relevant Github
repositories for the other projects I proposed, there will be no
question as to why.

I believe in being explicit and forthcoming.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>