Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:93674 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 52891 invoked from network); 1 Jun 2016 13:45:11 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 1 Jun 2016 13:45:11 -0000 Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain paragonie.com designates 209.85.218.49 as permitted sender) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.218.49 mail-oi0-f49.google.com Received: from [209.85.218.49] ([209.85.218.49:34794] helo=mail-oi0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 32/15-11325-3E6EE475 for ; Wed, 01 Jun 2016 09:45:08 -0400 Received: by mail-oi0-f49.google.com with SMTP id e72so27765910oib.1 for ; Wed, 01 Jun 2016 06:45:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paragonie-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=jhiZGn2HykKeV7zo0cvP5c05R40PVMYqmlzmvmFB4jk=; b=Oio9i3VUYtf9KXO6irSWjYiQdfK1VHzw3y/GBvrlFdCcFyX5PO9bUjcM5Dl9q9xa4p sZwgk6R+IavGsFRqJHBNa+m7gn0G0DTnMOg+tzEs27zQncG8+QL1t9gN7rCDfHNzXtMC FHzTsoCorj7jqehdRMc3sMxIBRUnET6Ko5f/O0pjvw3HMerkeeQXH2RISki6NSoThtm4 kIsS4obLY7irwZLq/sEkFyi/VBVMzZM8kahDWEsU/sxm2+zblwSWjPsHYmG8memh6fAW h7GsegiXRY0eFBft5y5V+kOKnFuO7WPpR2HjRBxyyDvysOswQJHctZMbD+y1HDRLHzOQ 8gEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=jhiZGn2HykKeV7zo0cvP5c05R40PVMYqmlzmvmFB4jk=; b=PVNNf13xzH0xXltG6AFULxp7p26AOCAQycPkzn3Jdd4YI3fwemT6MKlmOmGP5kYfBi S4aDXTBIk0rdXNmPjuTMBVUdQ8rSWu3jWpn0ef9U9gdvEHVvKZNKgRL3kPZGKph7jpb5 rc8nADbtrZdUnr/mnewEWrIy0ezqAZjCCI9QuAvK61zW8tLBSqeVRoIajsLfIn+v7VwS VPzvxR2N6HITxQnMLdI2KV+Tc79TsE/PHxJo+IqWO5oS5Xs8CKFkHZloY9BTD0QJADx8 uUIt2jERNRbAzdyEEakZuTjmYCehrNM7xLvoEg7BuQUSYUy+1LUwHCgzWnu3Ou9z8W6S 2pEA== X-Gm-Message-State: ALyK8tJcUnAuwOnDTRTBU0edcXgOye5BcE44Bn9kPTy2iBcqlQ2JSNIRq4T3g7cxsOUBdx/EfXCdtiGEtSmRHQ== MIME-Version: 1.0 X-Received: by 10.157.20.101 with SMTP id h92mr2328268oth.114.1464788704742; Wed, 01 Jun 2016 06:45:04 -0700 (PDT) Received: by 10.157.26.106 with HTTP; Wed, 1 Jun 2016 06:45:04 -0700 (PDT) In-Reply-To: References: Date: Wed, 1 Jun 2016 09:45:04 -0400 Message-ID: To: Marco Pivetta Cc: PHP Internals Content-Type: multipart/alternative; boundary=001a1149e4526af85c053437b2bb Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion From: scott@paragonie.com (Scott Arciszewski) --001a1149e4526af85c053437b2bb Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Wed, Jun 1, 2016 at 6:48 AM, Marco Pivetta wrote: > Hey Scott, > > On 1 June 2016 at 09:49, Scott Arciszewski wrote: > >> Hi PHP Internals Team, >> >> Let's begin discussing the prospect of adding libsodium as a core >> extension >> in PHP 7.1. I've updated the RFC to explain why this would be a good ide= a >> and the benefits it offers. >> >> https://wiki.php.net/rfc/libsodium >> >> If the subsequent discussion goes smoothly, I would like to open voting = on >> June 15. >> >> Together, let's make PHP cryptography so safe that it becomes boring. >> > > First, thanks for providing better alternatives to crypto in PHP! > > I also agree with Remi on naming: let's avoid calling the extension > `libsodium`. > > I have some concerns that are just about code quality, not about > functionality. Consider that I didn't look at the underlying library (and= I > really care little about it, from a consumer perspective). > > 1. is there a particular reason why abbreviations are used? For instance= , > why `sodium_randombytes_buf()` instead of `sodium_random_bytes_buffer()`? > 2. from a naming perspective, I'd expect `sodium_randombytes_buf()` to > give me a buffer of random bytes (probably as a stream), but it returns t= he > actual string of random bytes. Again: confusing naming > 3. can we avoid using "themed" naming? For example, instead of > `sodium_crypto_secretbox()`, it would be best to express what it actually > does, like `sodium_encrypt_and_sign()`. While the naming may be emerging > from lower layers, I still (like I did with other RFCs) disagree with > inheriting confusing naming. This will just cause users to look up the > naming up when reading or writing code, and ultimately add up to silly > bugs. I can already foresee that people will use the API incorrectly just > because of the naming. > 4. can't we just keep it namespaced under `Sodium`, instead of adding > more stuff to the root level namespace? Does anyone have a reference to t= he > coding standards that would cause the rename? > > Cheers, > > Marco Pivetta > > http://twitter.com/Ocramius > > http://ocramius.github.com/ > > =E2=80=8BI'd love to just keep the namespace personally =E2=80=8B ( Ke =E2=80=8Beping \Sodium\foo() and \SODIUM\FOO means code I've written today = will work in 7.1 for non-PECL users =E2=80=8B, and less work we thrust on Frank Denis)=E2=80=8B =E2=80=8B but it was previously expressed that doing so violates the coding standard. =E2=80=8B Changing to sodium_* would mean less bikeshedding and automatic "= No" votes. As for the function names, that's what they were called in NaCl. https://nacl.cr.yp.to/secretbox.html I believe randombytes_buf() was named in a similar spirit to OpenBSD's arc4random_buf(). Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises =E2=80=8B --001a1149e4526af85c053437b2bb--