Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90469 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 48741 invoked from network); 10 Jan 2016 22:40:37 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 10 Jan 2016 22:40:37 -0000 Authentication-Results: pb1.pair.com smtp.mail=rowan.collins@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=rowan.collins@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.49 as permitted sender) X-PHP-List-Original-Sender: rowan.collins@gmail.com X-Host-Fingerprint: 74.125.82.49 mail-wm0-f49.google.com Received: from [74.125.82.49] ([74.125.82.49:35900] helo=mail-wm0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 6E/C2-14657-4EDD2965 for ; Sun, 10 Jan 2016 17:40:37 -0500 Received: by mail-wm0-f49.google.com with SMTP id l65so191498064wmf.1 for ; Sun, 10 Jan 2016 14:40:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:references:to:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=0JXMOdDIEj8i9stCi7+t4MshgFrLvaqtkzqkdivjRcU=; b=gMhCR7ngEPt0UHi4tb45xPWVv7JwjzLx1JNYapfOMoNMLJJ/a2TJMoYIxHXFRjq34p WkKLrdGtZBNTcfz3w1ArclgPAzSJNqPXFGaj0m9r/s/VemHwCMT/4TS+PvDKmIFWB4ua tbW9bo1AmL0+2558VoFktdz44oeACwF+z7mVcDDOARXkf8+8ZHo8Ds6Kjr9zI7f3eBGD OieVVLHimMPMYqlCFyIiywdmc4ZA1jODPKvrszwm0hzcastsbi0hEu1hy18eCXZLevZh qi1+oNxUShD7sdjzRCrDF72MEVt+XidL0kk4+LOj5m2OtqJ02FkLXkEX3yvu9UuCGQvY VXjg== X-Received: by 10.28.133.8 with SMTP id h8mr10496923wmd.71.1452465633625; Sun, 10 Jan 2016 14:40:33 -0800 (PST) Received: from [192.168.1.189] ([2.31.24.87]) by smtp.googlemail.com with ESMTPSA id t195sm4962716wme.13.2016.01.10.14.40.32 for (version=TLSv1/SSLv3 cipher=OTHER); Sun, 10 Jan 2016 14:40:32 -0800 (PST) References: <5692CDB6.5050905@gmail.com> <5692D424.2010908@gmail.com> To: PHP Internals Message-ID: <5692DDD0.8050900@gmail.com> Date: Sun, 10 Jan 2016 22:40:16 +0000 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] [RFC] Libsodium From: rowan.collins@gmail.com (Rowan Collins) Hi Scott, On 10/01/2016 22:22, Scott Arciszewski wrote: > And I'm of the opinion that most users need a library that does > everything for them, and power users need a toolkit, and we shouldn't > try to solve both use cases with the same library. I don't think anyone is arguing against that, they just see a different pair of tools: a toolkit which is abstracted slightly away from libsodium but still has all its flexibility, and a crypto-for-dummies interface on top of that. > If libsodium gets obsoleted (unlikely), it will be because of the > availability of practical quantum computers, which also obsoletes > openssl and all existing public-key cryptography. Mcrypt is unique in > that it was completely abandoned (and poorly designed, to boot) after > adoption. I don't think this is a meaningful discussion to have right > now, given how widespread it is. OpenSSL was incredibly widespread when Heartbleed was uncovered; it still is, and from your other mails you're still not a fan. Without a crystal ball, we can't know that Sodium is going to last forever, so are looking for a way to integrate its functionality into PHP in such a way that if an alternative comes along later, it is relatively easy to port code from one to the other, rather than tying PHP code directly to Sodium's API. It may even turn out - I honestly don't know - that the only thing we need to change in Sodium's API is the word "Sodium", and we could simply present the functions as "a toolbox of encryption primitives, currently implemented using libsodium". Regards, -- Rowan Collins [IMSoP]