Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:93668
Return-Path: <ocramius@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 35976 invoked from network); 1 Jun 2016 10:48:25 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 1 Jun 2016 10:48:25 -0000
Authentication-Results: pb1.pair.com smtp.mail=ocramius@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=ocramius@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.48 as permitted sender)
X-PHP-List-Original-Sender: ocramius@gmail.com
X-Host-Fingerprint: 74.125.82.48 mail-wm0-f48.google.com  
Received: from [74.125.82.48] ([74.125.82.48:34239] helo=mail-wm0-f48.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id C0/A2-11325-77DBE475 for <internals@lists.php.net>; Wed, 01 Jun 2016 06:48:24 -0400
Received: by mail-wm0-f48.google.com with SMTP id z87so27591769wmh.1
        for <internals@lists.php.net>; Wed, 01 Jun 2016 03:48:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=AoCbGpdiREWRYa1UCZXfKQ9M90CUJKtj8zHBY+iqTUc=;
        b=BkD6HpqMYSN5P5evAfff4K304FBsHSuzLNTPdfdfwmHnbWVyHEPVo1xnG+RLEllxSG
         LRp+Qjcoee26DVqdkUKRb494voKjBJwZ95h4fq5sngfIw9OzHLFj42zeQFuxGeqBa+bq
         jJ1LsSetyYQihZXpnNHs1kiyYdnZQlZE5eVS4b7At2pU8Rr7OidyBujIPbs0TvB7x10i
         Z5/mxehCpxAF5vmfpE7aik3g40twGH8qfJNCR3wN7zCgwc46Tuz9Aw0PGGw3LfsSPR6Z
         KQbsMQoUCPYitpdtBK4tpCZ2zZRPlnV/I2AbOE4rlW1oRwlyg+Jx3BWoASTNaxMvRoXo
         IEQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=AoCbGpdiREWRYa1UCZXfKQ9M90CUJKtj8zHBY+iqTUc=;
        b=Q365EEnllcpB6eyF2iFnU0IAx1A0p4wRZaYoGa01/bCQqpjLntFhDgSRDqiaUvHvMV
         5pMDCUH/JLxfhe6iA4SBWboQkXUv7bh22GKw/udBVqFu4/E9OVsefP+oWnkVjRpaSFFg
         4cEKvTIeeHQ4pQWRM0fAkcJN0L5iwfrTwcWEI0kPupif02tWoXwYTaaiyxwDj0AhDPYg
         fRKPkrnnLpmColTjOvuvsIlaxC6Wk4V6OyE24hgBbbc06af9R9dkJzUZjwA3wFvyT93K
         TB9CIS8DfY4XFzR1foXws5ciuq2QSHXtzgC+5hswZobjsmRWFU+MwNe+QNLXVl5iQPFI
         8mOw==
X-Gm-Message-State: ALyK8tK6t83TgKQQZa6FA/6dBfVNb0aMHmvoE4AkenaPjuNC7y1QzUw3J3GkduH0D3W9KlMYRSUtaqFqkqmP2g==
X-Received: by 10.28.48.196 with SMTP id w187mr2998806wmw.71.1464778100510;
 Wed, 01 Jun 2016 03:48:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.163.106 with HTTP; Wed, 1 Jun 2016 03:48:00 -0700 (PDT)
In-Reply-To: <CAKws9z114YcHkDaXO3o-E0JuHR10WsPzyedeF_8Q=shHDziwug@mail.gmail.com>
References: <CAKws9z114YcHkDaXO3o-E0JuHR10WsPzyedeF_8Q=shHDziwug@mail.gmail.com>
Date: Wed, 1 Jun 2016 12:48:00 +0200
Message-ID: <CADyq6sKr_6qi4Fnk9+yxgCA5j_xF7B7vxq7HH5_nneax5bLf5A@mail.gmail.com>
To: Scott Arciszewski <scott@paragonie.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a114245725b15ec0534353a6c
Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion
From: ocramius@gmail.com (Marco Pivetta)

--001a114245725b15ec0534353a6c
Content-Type: text/plain; charset=UTF-8

Hey Scott,

On 1 June 2016 at 09:49, Scott Arciszewski <scott@paragonie.com> wrote:

> Hi PHP Internals Team,
>
> Let's begin discussing the prospect of adding libsodium as a core extension
> in PHP 7.1. I've updated the RFC to explain why this would be a good idea
> and the benefits it offers.
>
> https://wiki.php.net/rfc/libsodium
>
> If the subsequent discussion goes smoothly, I would like to open voting on
> June 15.
>
> Together, let's make PHP cryptography so safe that it becomes boring.
>

First, thanks for providing better alternatives to crypto in PHP!

I also agree with Remi on naming: let's avoid calling the extension
`libsodium`.

I have some concerns that are just about code quality, not about
functionality. Consider that I didn't look at the underlying library (and I
really care little about it, from a consumer perspective).

 1. is there a particular reason why abbreviations are used? For instance,
why `sodium_randombytes_buf()` instead of `sodium_random_bytes_buffer()`?
 2. from a naming perspective, I'd expect `sodium_randombytes_buf()` to
give me a buffer of random bytes (probably as a stream), but it returns the
actual string of random bytes. Again: confusing naming
 3. can we avoid using "themed" naming? For example, instead of
`sodium_crypto_secretbox()`, it would be best to express what it actually
does, like `sodium_encrypt_and_sign()`. While the naming may be emerging
from lower layers, I still (like I did with other RFCs) disagree with
inheriting confusing naming. This will just cause users to look up the
naming up when reading or writing code, and ultimately add up to silly
bugs. I can already foresee that people will use the API incorrectly just
because of the naming.
 4. can't we just keep it namespaced under `Sodium`, instead of adding more
stuff to the root level namespace? Does anyone have a reference to the
coding standards that would cause the rename?

Cheers,

Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/

--001a114245725b15ec0534353a6c--