Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:93805 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 68686 invoked from network); 5 Jun 2016 08:35:45 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Jun 2016 08:35:45 -0000 Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain paragonie.com designates 209.85.218.54 as permitted sender) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.218.54 mail-oi0-f54.google.com Received: from [209.85.218.54] ([209.85.218.54:34152] helo=mail-oi0-f54.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id E8/B2-55579-064E3575 for ; Sun, 05 Jun 2016 04:35:44 -0400 Received: by mail-oi0-f54.google.com with SMTP id e72so186217796oib.1 for ; Sun, 05 Jun 2016 01:35:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paragonie-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=3LQ0MZQ/4dcFMNbMvG85tqwzJZKEy4LKLoKn1L3Anaw=; b=cIFv/KK20KT9JfI0NzdoyQXA7PUA3wY9rcYCu6FwjdPZ876yf024jXCB0qbKPQM1Qu loXfuk8VV+ftUv3DFszkM0RdRiTQ0HG4DH2g/UbeA5H0+MHHZ4rXy7Dcb8niD9FeNqmb E2qrMuqID+K7ePfMSYra1zFelLsIjuirNg3wR9RTvZxyLsIZzWz2F+GlSyWLaOzW86PO 12e99t2NQxmjDxAtvPhhVg8/18+dUVpdYdf7vTL0xEluCX4uajvD2oXhTO2ytfpeJ69g 3111kRfZtn2l+9QULTT16kyWMZ1pI1kSe2SohVskOXVYBQg++253corhF5bNbAmyJj39 agkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=3LQ0MZQ/4dcFMNbMvG85tqwzJZKEy4LKLoKn1L3Anaw=; b=ETvQr/OLs8O6TvQcrc747XGkazvAWdjOfT9cyDiMIntVpYsSSblKJIcVFeYiw7yD2C fq/3ndlhPn66XOB7xU9BGroa5IXa3ZinGzV6dp1S7DEOtAheClIx+nzPrxHYyph9+abG FH43sMeObm+5CYo9yYZeS9ik0voIQXHbO82R6LwPezwCU0/E8lCzyOQyMuNeBSsLzt1n Bi+wo/HU6Cc+VMpaisuv6ips0tF2biewWhQIpRJcE+5175h95uGjSijAiJ0G+jfaQFEj 6V9gfy/beISDSl0KsZEQUMVzjSertUWCt1HA6IEdHhHxPv7CV/83bkgtw4mmzsBFH4Qk Sjdg== X-Gm-Message-State: ALyK8tLoADQhuktLIB4n/TjPsiZU2wd0WudhGwzIqjLGsZlwQB8dGeGoybNqbe6KwcP+DL5E4/qyxydzrQrG7Q== MIME-Version: 1.0 X-Received: by 10.157.8.226 with SMTP id 89mr2074114otf.132.1465115742047; Sun, 05 Jun 2016 01:35:42 -0700 (PDT) Received: by 10.157.26.106 with HTTP; Sun, 5 Jun 2016 01:35:41 -0700 (PDT) In-Reply-To: References: <8ebf9e48-62e5-fae5-d234-448be3c1f9d2@fleshgrinder.com> Date: Sun, 5 Jun 2016 04:35:41 -0400 Message-ID: To: PHP Internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion From: scott@paragonie.com (Scott Arciszewski) On Sun, Jun 5, 2016 at 4:31 AM, Fleshgrinder wrote: > On 6/5/2016 10:23 AM, Scott Arciszewski wrote: >> I'm trying to keep concerns separate. I do want to make the pluggable >> crypto API happen, but I barely have time for this libsodium RFC and I >> don't want to conflate the two. (Even worse: I wouldn't want the mere >> thought of an abstract high-level API to block libsodium from getting >> accepted.) >> >> Instead of /completely redesigning/ the libsodium API, what are some >> changes that need to be made to alleviate the majority of concerns >> ("it's not the pluggable crypto API" notwithstanding)? >> >> Two things to keep in mind: >> >> 1. If it breaks existing code that uses libsodium-php in a nontrivial >> way, I'm going to resist the change unless it can be proven necessary >> for the sake of everyone's sanity. >> 2. If it greatly deviates from the experience of using libsodium in >> other programming languages (e.g. renaming crypto_box), you no longer >> have libsodium and thus I will resist it. >> >> Getting rid of redundant features (by improving existing ones, not >> just cutting them!) is fine. Dropping scrypt, etc. is fine. >> > > Keeping sodium as an extension solves all your problems. You can keep > evolving it in any way you like without having to argue with others. No > breaking changes, nothing. It can even be used after another API is > introduced in core. All my problems? How do I get non-root users to install it? > We can achieve this by introducing a different API in core that uses > sodium in the background. This also allows us to exchange it without any > interruptions in userland in the future. That's the pluggable crypto API RFC, which I probably won't be able to propose until 7.2. Feel free to pick it up if you'd rather advocate for that. > If existing functions like bin2hex or hex2bin are really not good enough > than let us patch them. No need to introduce another function that does > exactly the same. Whether the two are consistent in time or not does not > change anything for userland. The resulting string is always the same. I > think that the patch for aforementioned functions would even be possible > without an RFC. Okay, that's fine by me. > The usage of names like secret box and box is simply not known to the > average user and that makes them really bad. People will have to search > the manual and dig deep until they find out that it is just about > asymmetric and symmetric encryption. We already have enough stuff that > makes no sense to the general public but to some. Put yourself in the shoes of, say, a Python developer who uses libsodium all the time who comes to PHP. If they don't find crypto_box and crypto_secretbox, they're going to get confused. > -- > Richard "Fleshgrinder" Fussenegger > Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises