Newsgroups: php.internals
Xref: news.php.net php.internals:93675
Date: Wed, 1 Jun 2016 15:46:45 +0200
From: ocramius@gmail.com (Marco Pivetta)
To: Scott Arciszewski
Cc: PHP Internals
Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 1 June 2016 at 15:45, Scott Arciszewski wrote:

> On Wed, Jun 1, 2016 at 6:48 AM, Marco Pivetta wrote:
>
>> Hey Scott,
>>
>> On 1 June 2016 at 09:49, Scott Arciszewski wrote:
>>
>>> Hi PHP Internals Team,
>>>
>>> Let's begin discussing the prospect of adding libsodium as a core
>>> extension in PHP 7.1. I've updated the RFC to explain why this would
>>> be a good idea and the benefits it offers.
>>>
>>> https://wiki.php.net/rfc/libsodium
>>>
>>> If the subsequent discussion goes smoothly, I would like to open
>>> voting on June 15.
>>>
>>> Together, let's make PHP cryptography so safe that it becomes boring.
>>
>> First, thanks for providing better alternatives to crypto in PHP!
>>
>> I also agree with Remi on naming: let's avoid calling the extension
>> `libsodium`.
>>
>> I have some concerns that are just about code quality, not about
>> functionality.
>> Consider that I didn't look at the underlying library (and I
>> really care little about it, from a consumer perspective).
>>
>> 1. is there a particular reason why abbreviations are used? For
>>    instance, why `sodium_randombytes_buf()` instead of
>>    `sodium_random_bytes_buffer()`?
>> 2. from a naming perspective, I'd expect `sodium_randombytes_buf()` to
>>    give me a buffer of random bytes (probably as a stream), but it
>>    returns the actual string of random bytes. Again: confusing naming
>> 3. can we avoid using "themed" naming? For example, instead of
>>    `sodium_crypto_secretbox()`, it would be best to express what it
>>    actually does, like `sodium_encrypt_and_sign()`. While the naming
>>    may be emerging from lower layers, I still (like I did with other
>>    RFCs) disagree with inheriting confusing naming. This will just
>>    cause users to look the naming up when reading or writing code, and
>>    ultimately add up to silly bugs. I can already foresee that people
>>    will use the API incorrectly just because of the naming.
>> 4. can't we just keep it namespaced under `Sodium`, instead of adding
>>    more stuff to the root level namespace? Does anyone have a
>>    reference to the coding standards that would cause the rename?
>>
>> Cheers,
>>
>> Marco Pivetta
>>
>> http://twitter.com/Ocramius
>>
>> http://ocramius.github.com/
>
> I'd love to just keep the namespace personally (Keeping \Sodium\foo()
> and \SODIUM\FOO means code I've written today will work in 7.1 for
> non-PECL users, and less work we thrust on Frank Denis) but it was
> previously expressed that doing so violates the coding standard.
> Changing to sodium_* would mean less bikeshedding and automatic "No"
> votes.

Weird... I guess we could add a subsection to the vote?

> As for the function names, that's what they were called in NaCl.
> https://nacl.cr.yp.to/secretbox.html
>
> I believe randombytes_buf() was named in a similar spirit to OpenBSD's
> arc4random_buf().

Yeh, that is software archaeology though, not software design ;-)

Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/
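
For readers unfamiliar with the call whose name is debated in point 3, here is an added example (not part of the thread or the RFC) of what `sodium_crypto_secretbox()` does: secret-key encryption with an authentication tag, so a modified ciphertext or a wrong key fails to open. It assumes the `sodium_*` function and constant names as they exist in PHP's bundled sodium extension (PHP 7.2 and later); `seal()` and `unseal()` are hypothetical helper names.

```php
<?php
// Added example; assumes ext/sodium with the sodium_* names (PHP >= 7.2).
declare(strict_types=1);

/** Encrypt and authenticate $plaintext; returns nonce || ciphertext. */
function seal(string $plaintext, string $key): string
{
    // A fresh random nonce per message: a plain binary string, not a stream.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
}

/** Returns the plaintext, or null when the authentication tag does not verify. */
function unseal(string $sealed, string $key): ?string
{
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($sealed) < $min) {
        return null; // too short to hold a nonce and a tag
    }
    $nonce = substr($sealed, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($sealed, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

$key    = sodium_crypto_secretbox_keygen();
$sealed = seal('constructed sample message', $key);

// Round trip with the correct key.
var_dump(unseal($sealed, $key));

// Flip one bit of the ciphertext: opening must fail rather than return garbage.
$tampered = $sealed;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 1);
var_dump(unseal($tampered, $key));

// A different key fails authentication as well.
var_dump(unseal($sealed, sodium_crypto_secretbox_keygen()));
```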