Newsgroups: php.internals
Subject: Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)
From: scott@paragonie.com (Scott Arciszewski)
To: Jakub Zelenka
Cc: PHP Internals
Date: Mon, 30 Jan 2017 14:40:18 -0500

On Sun, Jan 29, 2017 at 2:04 PM, Jakub Zelenka wrote:
> Hi,
>
> On Wed, Jan 11, 2017 at 6:22 PM, Scott Arciszewski wrote:
>
>> Hi all,
>>
>> I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2.
>>
>
> I'm still not sure why it needs to be in the core. As I said before, there
> are lots of healthy extensions that are not in the core and it certainly
> doesn't make them less used (e.g. redis, xdebug or mongo driver). At the
> end it's all about packaging...
>
> I think libsodium has lots of really good features and it's a very nice
> lib. However what makes me a bit uneasy about libsodium is that it's
> basically a one dev library which is even clearly visible in here:
>
> https://github.com/jedisct1/libsodium/graphs/contributors
>
> It is certainly a bit more risky to support such lib if it all depends on
> one person rather than a team of developers. I'm not saying that it's
> the same but mcrypt used to be also just one developer lib...
>
> Cheers
>
> Jakub
>

I erroneously replied off-list, and rather than forward messages that were
sent directly to me (on the off chance that they were not intended to be
public), I'll just reiterate what I said privately.

From my original email:

> Was mcrypt in core?
>
> Is openssl still in core?
>
> If the answer to both these questions is "Yes", then it follows that
> libsodium should be in the core. Especially if everyone agrees that it
> should be included by default.
>
> > However what makes me a bit uneasy about libsodium is that it's
> > basically a one dev library which is even clearly visible in here:
>
> You're looking at it all wrong. Look here instead:
> https://github.com/jedisct1/libsodium/blob/master/AUTHORS
>
> The person who checked the code into Github may have been Frank Denis for
> a lot of cases, but the code itself was written by cryptographers.
>
> Calling it "basically a one dev library" sounds simultaneously dismissive
> and misinformed. (Also: There have been 58 contributors besides Frank,
> which doesn't lead to your point at all.)
>
> Do you know any cryptography experts? Go ask them, "What would you rather
> see devs use? OpenSSL or libsodium?" and report back what they say. To be
> clear: I'm fairly confident that a large majority will not choose OpenSSL.

Furthermore, I'd like to raise an additional point. PHP Archive signing
currently has the following options:

- A hash function (forgery = trivial)
- OpenSSL signing (which I believe means RSA-PKCSv1.5 with SHA1; Daniel
  Bleichenbacher had something to say about that in 2006, but e=65537
  breaks the public exploit)

Putting libsodium in core allows us to add Ed25519 signatures to Phars,
which means that we can provide a reasonable level (128 bits is what I call
reasonable) of assurance that the PHP archive is authentic (assuming you
have a trustworthy public key).

Without putting libsodium in core, can we do that?
If not, that's a solid motivation to vote YES on this RFC.

Conversely, let's discuss a hypothetical: If this motion is abandoned, can
you (or, rather, everyone on this mailing list working together) guarantee
that 100% of operating systems will bundle libsodium and the PHP extension
in PECL with PHP 7.2 out-of-the-box, by default? That includes Windows,
FreeBSD, OpenBSD, Debian, Ubuntu, RedHat, CentOS, and even obscure Unix-like
academic projects. 100% coverage. Not 99%. Not 50%. Exactly 100%.

If we can't guarantee 100% adoption without putting libsodium in the core,
given the current political climate[1] and the history of unlawful
cryptography export restriction enforcement[2], I'd fear that OSes
(especially Enterprise Linux distributions that hold government contracts)
could be pressured against offering secure cryptography (i.e. libsodium) in
future versions of PHP.

If we make it a core extension, it's included unless you go out of the way
to compile PHP without it. This means better security by default.

Let's be clear: Libsodium is one of the most highly regarded libraries that
exposes very well-studied cryptography primitives (RFC 7748, RFC 8032, RFC
7693, etc.) with a misuse-resistant interface. It's also extremely
permissively licensed (ISC). If Frank Denis were to get hit by a bus
tomorrow, anyone could pick it up and continue his work. I wouldn't advise
blindly trusting anyone who forks it, but the cryptography community would
likely come together and suggest which fork is most trustworthy. If nothing
else, you could count on the cryptographers whose work is bundled in
libsodium to recommend a fork. The bus factor, while a legitimate concern,
isn't going to be a source of liability for libsodium nor for PHP.
[1]: https://web.archive.org/web/20170127070926/https://www.cnet.com/news/trump-apple-boycott-terrorist-iphone-san-bernardino-fbi/
[2]: https://en.wikipedia.org/wiki/Bernstein_v._United_States

With respect,
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises
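The Phar signing comparison in the message above, as an added example that is not part of the original email and not the RFC's or PHP's own Phar code: a hash-only "signature" that whoever alters the archive can simply recompute, beside an Ed25519 detached signature produced and checked with the ext/sodium functions the RFC would add (sodium_crypto_sign_keypair, sodium_crypto_sign_detached, sodium_crypto_sign_verify_detached). The archive bytes and the tampered payload are constructed stand-ins for a real Phar; the helper names (hashSign, ed25519Sign and so on) are this example's own. In a real deployment the publisher's public key is what users must obtain through a trustworthy channel, and the secret key never ships with the archive.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the bytes of a Phar archive (not a real Phar).
$archive = "<?php echo 'hello from the archive';" . str_repeat("\0", 16);

// Option 1: a bare hash. Anyone who can alter the archive can also
// recompute the digest, so this detects corruption, not tampering.
function hashSign(string $archive): string
{
    return hash('sha256', $archive, true);
}

function hashVerify(string $archive, string $digest): bool
{
    return hash_equals(hashSign($archive), $digest);
}

// Option 2: an Ed25519 detached signature over the archive bytes, via
// ext/sodium (PHP 7.2+). Only the holder of the secret key can produce a
// signature that verifies under the matching public key.
function ed25519Sign(string $archive, string $secretKey): string
{
    return sodium_crypto_sign_detached($archive, $secretKey);
}

function ed25519Verify(string $archive, string $signature, string $publicKey): bool
{
    // Reject malformed signatures up front; the sodium call would throw on
    // a wrong-length signature instead of returning false.
    if (strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($signature, $archive, $publicKey);
}

// Publisher side: generate a keypair, sign, then wipe the secret key.
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair);
$publicKey = sodium_crypto_sign_publickey($keypair);

$digest    = hashSign($archive);
$signature = ed25519Sign($archive, $secretKey);
sodium_memzero($secretKey);
sodium_memzero($keypair);

// Attacker side: swap the archive contents and re-derive the hash. The
// recomputed digest still matches, because a hash proves nothing about
// who produced the bytes. The Ed25519 signature cannot be re-derived
// without the secret key, so it stops verifying once the bytes change.
$tampered       = str_replace('hello from the archive', 'constructed malicious payload', $archive);
$tamperedDigest = hashSign($tampered);

var_dump(hashVerify($archive, $digest));                   // original archive, original digest
var_dump(hashVerify($tampered, $tamperedDigest));          // tampered archive, attacker's digest
var_dump(ed25519Verify($archive, $signature, $publicKey));  // original archive, publisher's signature
var_dump(ed25519Verify($tampered, $signature, $publicKey)); // tampered archive, publisher's signature
```

Run it with a PHP build that has ext/sodium enabled (the default from PHP 7.2 if the RFC's outcome holds, or the PECL extension on 7.0/7.1). The first two checks pass and the last one fails, which is the whole difference between the hash option and a signature: the hash only tells you the archive matches its own digest, while the Ed25519 check binds the archive to a key you chose to trust.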