Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:90472
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 61871 invoked from network); 11 Jan 2016 03:14:42 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 11 Jan 2016 03:14:42 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.170 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.214.170 mail-ob0-f170.google.com  
Received: from [209.85.214.170] ([209.85.214.170:32803] helo=mail-ob0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 4C/44-14657-F1E13965 for <internals@lists.php.net>; Sun, 10 Jan 2016 22:14:40 -0500
Received: by mail-ob0-f170.google.com with SMTP id bx1so369636113obb.0
        for <internals@lists.php.net>; Sun, 10 Jan 2016 19:14:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=lnDXltcC5Hz0RJxNA+xzPPtB7Qh235KIYdGFUaYxVmI=;
        b=AweruI1MZvUJ7Eu6AX/hBzY+wh7dcB3B+sZrrWABGZ58+qUHZSDh8AFti/Qg1SpHHK
         pIqDljNfFIpILeiFywafIJ7UywZe5WRbRFDV7Vn4AtVWzbV+TKGzchav0cqzujl5H1GS
         SuigOHgl6W/r/q61k7fHTtMiFJmfhLiaX8wt1kSw6hl8A4TA41CzXiwXwkgFWLcjQNMz
         FbO3eHz3Bz1CDGmRz5OE6eitg9FCZBGHHdH5D7935BShO3TN4Tcaxze7oeyFGFNJkLLG
         h3r9vRH5ouoUCnnQNJmi6lC5Z2YphVUXW4ny2/ptHjXD+UCg3adbmLaseRWqFd4OmV9o
         SeNw==
MIME-Version: 1.0
X-Received: by 10.182.171.8 with SMTP id aq8mr48624242obc.51.1452482076909;
 Sun, 10 Jan 2016 19:14:36 -0800 (PST)
Received: by 10.202.95.68 with HTTP; Sun, 10 Jan 2016 19:14:35 -0800 (PST)
Received: by 10.202.95.68 with HTTP; Sun, 10 Jan 2016 19:14:35 -0800 (PST)
In-Reply-To: <CAKws9z15+U6F+ywskEfxVqhmqgTWUrmXtZERuKsHjusE+SanyQ@mail.gmail.com>
References: <CAKws9z1g24rD=t92+9xKtO=3PuwQ3_N=L36gmVMqCC84CoqipQ@mail.gmail.com>
	<CAEZPtU7-Lk=jGsTQgRZOvBpcPPgdX3V-23=3_k9CXbmxU77V1A@mail.gmail.com>
	<CAKws9z248Kj=0qTLPZik0Ki1_zGPq+4fr6HQi_keeVCso1S4eQ@mail.gmail.com>
	<5692CDB6.5050905@gmail.com>
	<CAKws9z1e_+XOzsojz9gW-zzswhaK7h+HothhTWWVSvDQXri2zA@mail.gmail.com>
	<5692D424.2010908@gmail.com>
	<CAKws9z15+U6F+ywskEfxVqhmqgTWUrmXtZERuKsHjusE+SanyQ@mail.gmail.com>
Date: Mon, 11 Jan 2016 10:14:35 +0700
Message-ID: <CAEZPtU6u4niYim4rd4VLpL0cwff85pPSg8dV+SkHyRSS_w7vDQ@mail.gmail.com>
To: Scott Arciszewski <scott@paragonie.com>
Cc: Rowan Collins <rowan.collins@gmail.com>, PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=e89a8ff1ccaa3ca97e0529065660
Subject: Re: [PHP-DEV] [RFC] Libsodium
From: pierre.php@gmail.com (Pierre Joye)

--e89a8ff1ccaa3ca97e0529065660
Content-Type: text/plain; charset=UTF-8

On Jan 11, 2016 5:22 AM, "Scott Arciszewski" <scott@paragonie.com> wrote:
>
> On Sun, Jan 10, 2016 at 4:59 PM, Rowan Collins <rowan.collins@gmail.com>
wrote:
> > On 10/01/2016 21:41, Scott Arciszewski wrote:
> >>
> >> Hi Rowan,
> >>
> >>> >I think what people are suggesting is not that libsodium shouldn't be
> >>> >supported under-the-hood, just that the fact you're using it
shouldn't
> >>> > be
> >>> >exposed to userland.
> >>
> >> These are separate concerns. Let's call them Sodium and SimpleSodium.
> >>
> >> With Sodium, power users gain the ability to write software that
> >> directly uses low-level primitives in PHP without requiring their
> >> users to install dependencies (i.e. from PECL). [
> >>
> >> SimpleSodium is a driver for the simple cryptography wrapper.
> >
> >
> > As noted on the other thread, I think what people are looking for is
> > actually somewhere between the two - something for power users to use
> > *without tying their code to libsodium*. Code written using mcrypt_*
> > functions is now facing an annoying upgrade path; code written with
sodium_*
> > functions now may face the same some years in the future, who knows?
> >
> > PHP should not be maintaining its own low-level implementations of
crypto,
> > but it should seem to the user as though it does - they should be
asking PHP
> > for a particular cipher / mode / etc, not asking libsodium for one via a
> > thin PHP wrapper.
> >
> >
> >> You can have SimpleSodium without Sodium, but if we don't get Sodium
into
> >> core
> >> I will, personally, not be putting forth one more ounce of time or
> >> effort into helping the PHP core so who knows maybe not?
> >
> >
> > Obviously, this is entirely your prerogative, but it seems quite a
> > black-and-white stance - maybe leave a bit of leeway for understanding
other
> > people's concerns before threatening to abandon work which would be very
> > much appreciated.
> >
> >
> > Regards,
> >
> > --
> > Rowan Collins
> > [IMSoP]
> >
> >
> > --
> > PHP Internals - PHP Runtime Development Mailing List
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
> Hi Rowan,
>
> > As noted on the other thread, I think what people are looking for is
> > actually somewhere between the two - something for power users to use
> > *without tying their code to libsodium*. Code written using mcrypt_*
> > functions is now facing an annoying upgrade path; code written with
sodium_*
> > functions now may face the same some years in the future, who knows?
>
> And I'm of the opinion that most users need a library that does
> everything for them, and power users need a toolkit, and we shouldn't
> try to solve both use cases with the same library.

This is a valid and good point.

Also agree on the need of the two. Now whether the toolkit should be an
extension or userland can be discussed as well.

Whether sodium (or other) are in the core or  not, the discussions about a
more powerful (also proposing a wider range of options for various tasks,
even using bad cyphers) sound like a good thing and may as well answer the
question about your libsodium binding proposal.

> Some people might
> be allergic to having two separate tools for two separate jobs,

On the other hand they have things in common. But I totally agree on the
userland side. PHP needs a password-like APIs for crypto, where users will
have a hard time to do it wrong.

> but I
> am not one of them. Power-users will need low-level cipher
> implementations, most developers will only write insecure code if we
> let them.
>
> If libsodium gets obsoleted (unlikely), it will be because of the
> availability of practical quantum computers, which also obsoletes
> openssl and all existing public-key cryptography. Mcrypt is unique in
> that it was completely abandoned (and poorly designed, to boot) after
> adoption. I don't think this is a meaningful discussion to have right
> now, given how widespread it is.
>
> https://download.libsodium.org/doc/bindings_for_other_languages/index.html
>

> I'm just letting it be known now where I stand with this now rather
> than later, so if this libsodium initiative doesn't pass and I
> suddenly drop off internals and delete the relevant Github
> repositories for the other projects I proposed, there will be no
> question as to why.

This is your choice and you are indeed free to do it.

I cannot agree on both the killing of repositories in general and even less
of threatens to do so if a given proposal is not accept. It goes against my
principles.

In any case, given that we can have a constructive discussions about the
design and needs, I am sure we will find answers to these questions in the
next couple of weeks.

--e89a8ff1ccaa3ca97e0529065660--