Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)

On Mon, Jan 30, 2017 at 4:37 PM, Jakub Zelenka wrote: > On Mon, Jan 30, 2017 at 7:40 PM, Scott Arciszewski > wrote: > >> >> On Sun, Jan 29, 2017 at 2:04 PM, Jakub Zelenka wrote: >> >>> Hi, >>> >>> On Wed, Jan 11, 2017 at 6:22 PM, Scott

Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)

On Mon, Jan 30, 2017 at 7:40 PM, Scott Arciszewski wrote: > > On Sun, Jan 29, 2017 at 2:04 PM, Jakub Zelenka wrote: > >> Hi, >> >> On Wed, Jan 11, 2017 at 6:22 PM, Scott Arciszewski >> wrote: >> >>> Hi all, >>> >>> I'm resurrecting my

Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)

In my previous email, there should have been an additional linebreak before: > Furthermore, I'd like to raise an additional point. ​Sorry if that hurt readability. Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises

Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)

On Sun, Jan 29, 2017 at 2:04 PM, Jakub Zelenka wrote: > Hi, > > On Wed, Jan 11, 2017 at 6:22 PM, Scott Arciszewski > wrote: > >> Hi all, >> >> I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2. >> >> > I'm still not sure why it needs to

Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)

Hi, On Wed, Jan 11, 2017 at 6:22 PM, Scott Arciszewski wrote: > Hi all, > > I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2. > > I'm still not sure why it needs to be in the core. As I said before, there are lots of healthy extension that are not in

Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)

On Tue, Jan 17, 2017 at 5:49 AM, Scott Arciszewski wrote: > On Thu, Jan 12, 2017 at 5:23 AM, Julien Pauli wrote: > >> On Wed, Jan 11, 2017 at 7:22 PM, Scott Arciszewski >> wrote: >> >>> Hi all, >>> >>> I'm resurrecting my RFC to add

Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)

On Thu, Jan 12, 2017 at 5:23 AM, Julien Pauli wrote: > On Wed, Jan 11, 2017 at 7:22 PM, Scott Arciszewski > wrote: > >> Hi all, >> >> I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2. >> >> In response to feedback from Pierre Joye,

Re: [PHP-DEV] [RFC] libsodium (PHP 7.2)

On Wed, Jan 11, 2017 at 7:22 PM, Scott Arciszewski wrote: > Hi all, > > I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2. > > In response to feedback from Pierre Joye, I've outlined which parts of the > existing libsodium API I'd like exposed in the

[PHP-DEV] [RFC] libsodium (PHP 7.2)

Hi all, I'm resurrecting my RFC to add libsodium as a core extension to PHP 7.2. In response to feedback from Pierre Joye, I've outlined which parts of the existing libsodium API I'd like exposed in the core extension. Most notably: - Removed crypto_aead_aes256gcm_* because OpenSSL offers it -

Re: [PHP-DEV] [RFC] Libsodium (bump)

Hi Levi, On Sat, Mar 19, 2016 at 5:56 AM, Levi Morrison wrote: >> At least that's not what it says in the docs. > > I meant: at least according to the docs: > http://php.net/manual/en/language.namespaces.rationale.php > >> Namespace names PHP and php, and compound names starting

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Hi! > This would entail a BC break against all software currently written > using libsodium. > Are you certain that deeper namespacing would be worth that trade-off? This is certainly a concern. But this is solvable - we can have aliases, for example, that would be compiled only in PECL build.

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Hi! > My position on the low level nature of libsodium's APIs is as follows: ​ > That sounds like a call to action for > https://wiki.php.net/rfc/php71-crypto rather than a point of concern for > adopting libsodium.​ I think there's a bit of misunderstanding here. The low-level nature of the API

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Sun, Jun 5, 2016 at 9:35 AM, Scott Arciszewski wrote: > On Sun, Jun 5, 2016 at 4:31 AM, Fleshgrinder wrote: > > On 6/5/2016 10:23 AM, Scott Arciszewski wrote: > >> I'm trying to keep concerns separate. I do want to make the pluggable > >> crypto

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 6/5/16 4:31 AM, Scott Arciszewski wrote: > - memzero, memcmp, hex2bin > > I am not totally convinced that memzero and maybe memcmp names are > good nor they should be there. Both would be very useful as operator > on variables. Given the simplicity of the implementations, it could be > very

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Hi, Den 2016-06-01 kl. 09:49, skrev Scott Arciszewski: Hi PHP Internals Team, Let's begin discussing the prospect of adding libsodium as a core extension in PHP 7.1. I've updated the RFC to explain why this would be a good idea and the benefits it offers. https://wiki.php.net/rfc/libsodium If

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Scott Arciszewski schrieb am So., 5. Juni 2016 10:13: > On Sat, Jun 4, 2016 at 6:15 PM, Stanislav Malyshev > wrote: > > > > Hi! > > > > > Let's begin discussing the prospect of adding libsodium as a core > extension > > > in PHP 7.1. I've updated the

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Sun, Jun 5, 2016 at 2:46 PM, Scott Arciszewski wrote: > > On Sun, Jun 5, 2016 at 2:20 AM, Pierre Joye wrote: >> >> >> On Jun 5, 2016 5:15 AM, "Stanislav Malyshev" wrote: >> > >> >> > The stated goal is "You shouldn't need a Ph.D

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 6/5/2016 10:35 AM, Scott Arciszewski wrote: > All my problems? How do I get non-root users to install it? > How is it possible for them to use it now? You mentioned breaking changes for existing library users. ;) :P PHP is not meant to support you extending your user base, no offense! Our

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Sun, Jun 5, 2016 at 4:31 AM, Fleshgrinder wrote: > On 6/5/2016 10:23 AM, Scott Arciszewski wrote: >> I'm trying to keep concerns separate. I do want to make the pluggable >> crypto API happen, but I barely have time for this libsodium RFC and I >> don't want to conflate

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 6/5/2016 10:23 AM, Scott Arciszewski wrote: > I'm trying to keep concerns separate. I do want to make the pluggable > crypto API happen, but I barely have time for this libsodium RFC and I > don't want to conflate the two. (Even worse: I wouldn't want the mere > thought of an abstract

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Hi Pierre, On Thu, Jun 2, 2016 at 10:30 AM, Pierre Joye wrote: > hi Scott, > > On Wed, Jun 1, 2016 at 2:49 PM, Scott Arciszewski wrote: >> Hi PHP Internals Team, >> >> Let's begin discussing the prospect of adding libsodium as a core extension >> in

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Sun, Jun 5, 2016 at 4:12 AM, Fleshgrinder wrote: > On 6/5/2016 9:46 AM, Scott Arciszewski wrote: >> Libsodium already knocks it out of the park compared to OpenSSL and >> Mcrypt. If we want to talk about a higher-level abstraction-- such as >> what's provided by

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Sat, Jun 4, 2016 at 6:15 PM, Stanislav Malyshev wrote: > > Hi! > > > Let's begin discussing the prospect of adding libsodium as a core extension > > in PHP 7.1. I've updated the RFC to explain why this would be a good idea > > and the benefits it offers. > > > >

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 6/5/2016 9:46 AM, Scott Arciszewski wrote: > ​Libsodium already ​knocks it out of the park compared to OpenSSL and > Mcrypt. If we want to talk about a higher-level abstraction-- such as > what's provided by paragonie/EasyRSA + defuse/php-encryption or > paragonie/halite-- I wholeheartedly

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 6/5/2016 12:25 AM, Stanislav Malyshev wrote: > We don't really need the uniform part if we don't have the non-uniform > one. If the only one we get is uniform, and it's the one we actually > want, we should not spell it out in the name - we should name it > something like random_int or

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Sun, Jun 5, 2016 at 2:20 AM, Pierre Joye wrote: > > On Jun 5, 2016 5:15 AM, "Stanislav Malyshev" wrote: > > > > > The stated goal is "You shouldn't need a Ph.D in Applied Cryptography to > > build a secure web application." I fully agree with this

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Jun 5, 2016 5:15 AM, "Stanislav Malyshev" wrote: > > The stated goal is "You shouldn't need a Ph.D in Applied Cryptography to > build a secure web application." I fully agree with this goal. I however > feel that current implementation, while making admirable progress >

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Hi! > For instance nonce arguments ... > > $nonce = randombytes_buf(CRYPTO_SECRETBOX_NONCEBYTES); > crypto_secretbox(... Speaking of which, what about just passing null there (or make it optional) that would make the function generate a new random nonce of suitable size? It's BTW would be

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Hi! > Let's begin discussing the prospect of adding libsodium as a core extension > in PHP 7.1. I've updated the RFC to explain why this would be a good idea > and the benefits it offers. > > https://wiki.php.net/rfc/libsodium > > If the subsequent discussion goes smoothly, I would like to open

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 3 June 2016 at 11:19, Björn Larsson wrote: > One could add that not all development / debugging is done through > an advanced IDE. Logging in to production server with SSH ending up > with a terminal window, only having Emacs or Vi at your disposal is > still valid

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Den 2016-06-02 kl. 18:59, skrev Fleshgrinder: On 6/1/2016 9:46 PM, Ronald Chmara wrote: Hi. https://github.com/php/php-src/commit/aa203477bc24b1fadc16d65533c1749162260592 was my commit, put together as a result of discussions on this list (and sidebars). I can try to speak to it from memory.

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Thu, Jun 2, 2016 at 2:10 PM, Niklas Keller wrote: > 2016-06-02 19:36 GMT+02:00 Fleshgrinder : > >> On 6/1/2016 9:25 PM, Niklas Keller wrote: >> > Why does it directly extend throwable? >> > >> > Just a short node: the keys shouldn't be responsible for

Re: [PHP-DEV] [RFC] Libsodium - Discussion

2016-06-02 19:36 GMT+02:00 Fleshgrinder : > On 6/1/2016 9:25 PM, Niklas Keller wrote: > > Why does it directly extend throwable? > > > > Just a short node: the keys shouldn't be responsible for signing / > > verification. > > > > This was not a real proposal, I only wanted

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 6/1/2016 9:25 PM, Niklas Keller wrote: > Why does it directly extend throwable? > > Just a short node: the keys shouldn't be responsible for signing / > verification. > This was not a real proposal, I only wanted to illustrate the potential for a nice OO implementation. The goal is it to

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 6/1/2016 9:46 PM, Ronald Chmara wrote: > Hi. > https://github.com/php/php-src/commit/aa203477bc24b1fadc16d65533c1749162260592 > was my commit, put together as a result of discussions on this list > (and sidebars). I can try to speak to it from memory. > >> Note that it also encourages this

Re: [PHP-DEV] [RFC] Libsodium - Discussion

hi Scott, On Wed, Jun 1, 2016 at 2:49 PM, Scott Arciszewski wrote: > Hi PHP Internals Team, > > Let's begin discussing the prospect of adding libsodium as a core extension > in PHP 7.1. I've updated the RFC to explain why this would be a good idea > and the benefits it

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Wed, Jun 1, 2016 at 10:26 AM, Fleshgrinder wrote: > On 6/1/2016 12:48 PM, Marco Pivetta wrote: >> I also agree with Remi on naming: let's avoid calling the extension >> `libsodium`. > On 6/1/2016 12:48 PM, Marco Pivetta wrote: >> 1. is there a particular reason why

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Fleshgrinder schrieb am Mi., 1. Juni 2016 19:26: > On 6/1/2016 12:48 PM, Marco Pivetta wrote: > > > I also agree with Remi on naming: let's avoid calling the extension > > `libsodium`. > > > > I agree here too. > > On 6/1/2016 12:48 PM, Marco Pivetta wrote: > > 1. is

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 6/1/2016 7:53 PM, Scott Arciszewski wrote: > ​Well, for what it's worth, I did write https://github.com/paragonie/halite > ​ as a high-level abstraction. > This looks over engineered too me, no offense! On 6/1/2016 7:53 PM, Scott Arciszewski wrote: > The goal of this RFC is to get the

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Wed, Jun 1, 2016 at 1:26 PM, Fleshgrinder wrote: > On 6/1/2016 12:48 PM, Marco Pivetta wrote: > > > I also agree with Remi on naming: let's avoid calling the extension > > `libsodium`. > > > > I agree here too. > > On 6/1/2016 12:48 PM, Marco Pivetta wrote: > > 1. is

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 6/1/2016 12:48 PM, Marco Pivetta wrote: > I also agree with Remi on naming: let's avoid calling the extension > `libsodium`. > I agree here too. On 6/1/2016 12:48 PM, Marco Pivetta wrote: > 1. is there a particular reason why abbreviations are used? For instance, > why

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Wed, Jun 1, 2016 at 9:46 AM, Marco Pivetta wrote: > On 1 June 2016 at 15:45, Scott Arciszewski wrote: > >> On Wed, Jun 1, 2016 at 6:48 AM, Marco Pivetta wrote: >> >>> Hey Scott, >>> >>> On 1 June 2016 at 09:49, Scott Arciszewski

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Wed, Jun 1, 2016 at 9:46 AM, Marco Pivetta wrote: > On 1 June 2016 at 15:45, Scott Arciszewski wrote: > >> On Wed, Jun 1, 2016 at 6:48 AM, Marco Pivetta wrote: >> >>> Hey Scott, >>> >>> On 1 June 2016 at 09:49, Scott Arciszewski

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On 1 June 2016 at 15:45, Scott Arciszewski wrote: > On Wed, Jun 1, 2016 at 6:48 AM, Marco Pivetta wrote: > >> Hey Scott, >> >> On 1 June 2016 at 09:49, Scott Arciszewski wrote: >> >>> Hi PHP Internals Team, >>> >>> Let's begin

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Wed, Jun 1, 2016 at 6:48 AM, Marco Pivetta wrote: > Hey Scott, > > On 1 June 2016 at 09:49, Scott Arciszewski wrote: > >> Hi PHP Internals Team, >> >> Let's begin discussing the prospect of adding libsodium as a core >> extension >> in PHP 7.1. I've

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Hey Scott, On 1 June 2016 at 09:49, Scott Arciszewski wrote: > Hi PHP Internals Team, > > Let's begin discussing the prospect of adding libsodium as a core extension > in PHP 7.1. I've updated the RFC to explain why this would be a good idea > and the benefits it offers. >

Re: [PHP-DEV] [RFC] Libsodium - Discussion

Le 01/06/2016 à 09:49, Scott Arciszewski a écrit : > Hi PHP Internals Team, > > Let's begin discussing the prospect of adding libsodium as a core extension > in PHP 7.1. I've updated the RFC to explain why this would be a good idea > and the benefits it offers. > >

Re: [PHP-DEV] [RFC] Libsodium - Discussion

On Wed, Jun 1, 2016 at 9:49 AM, Scott Arciszewski wrote: > Hi PHP Internals Team, > > Let's begin discussing the prospect of adding libsodium as a core extension > in PHP 7.1. I've updated the RFC to explain why this would be a good idea > and the benefits it offers. > >

[PHP-DEV] [RFC] Libsodium - Discussion

Hi PHP Internals Team, Let's begin discussing the prospect of adding libsodium as a core extension in PHP 7.1. I've updated the RFC to explain why this would be a good idea and the benefits it offers. https://wiki.php.net/rfc/libsodium If the subsequent discussion goes smoothly, I would like to

[PHP-DEV] [RFC] Libsodium (bump)

Quick update: https://github.com/jedisct1/libsodium/commit/20bf121fcde3104babede887980be835e07b10dd Looks like libsodium 1.0.9 will be out soon, which means ext/sodium 1.0.3 will follow, and then we can get the RFC fleshed out and ready for voting soon after. (As a reminder from the previous

Re: [PHP-DEV] [RFC] Libsodium (bump)

On Sat, Mar 19, 2016 at 4:30 AM, Fleshgrinder wrote: > On 3/18/2016 9:56 PM, Levi Morrison wrote: > >> At least that's not what it says in the docs. > > > > I meant: at least according to the docs: > > http://php.net/manual/en/language.namespaces.rationale.php > > > >>

Re: [PHP-DEV] [RFC] Libsodium (bump)

Hi all, On Thu, Mar 17, 2016 at 2:57 AM, Fleshgrinder wrote: > On 3/15/2016 11:02 PM, Yasuo Ohgaki wrote: >> Hi Scott, >> >> On Wed, Mar 16, 2016 at 2:40 AM, Scott Arciszewski >> wrote: >>> Question: If this extension is adopted, which syntax would

Re: [PHP-DEV] [RFC] Libsodium (bump)

On 3/15/2016 11:02 PM, Yasuo Ohgaki wrote: > Hi Scott, > > On Wed, Mar 16, 2016 at 2:40 AM, Scott Arciszewski > wrote: >> Question: If this extension is adopted, which syntax would you prefer? >> >> \Sodium\func() >> Sodium::func() >> sodium_func() > > I prefer

Re: [PHP-DEV] [RFC] Libsodium (bump)

On 3/18/2016 9:56 PM, Levi Morrison wrote: >> At least that's not what it says in the docs. > > I meant: at least according to the docs: > http://php.net/manual/en/language.namespaces.rationale.php > >> Namespace names PHP and php, and compound names starting with these names >> (like

Re: [PHP-DEV] [RFC] Libsodium (bump)

> 1. PHP already has its reserved namespace, the global one *\*. > 2. Is it *\PHP* or *\Php*? This opens a huge can of worms. We've technically only reserved PHP and php but it is case insensitive anyway. PHP *does not* reserve the global namespace. At least that's not what it says in the docs.

Re: [PHP-DEV] [RFC] Libsodium (bump)

> At least that's not what it says in the docs. I meant: at least according to the docs: http://php.net/manual/en/language.namespaces.rationale.php > Namespace names PHP and php, and compound names starting with these names > (like PHP\Classes) are reserved for internal language use and should

Re: [PHP-DEV] [RFC] Libsodium (bump)

On 3/17/2016 4:04 AM, Yasuo Ohgaki wrote: > The only problem with this is "It looks inconsistent with existing > module functions". We may consider how we are going to use namespaces > for extensions in general. I like the idea > > \ModuleName\function_name > > for all extension functions,

Re: [PHP-DEV] [RFC] Libsodium (bump)

Noted and agreed. On Mar 15, 2016 9:56 PM, "David Zuelke" wrote: > I think I've said this before; please call it ext-sodium, not > ext-libsodium. > > David > > > > On 15.03.2016, at 18:40, Scott Arciszewski wrote: > > > > Link to RFC:

Re: [PHP-DEV] [RFC] Libsodium (bump)

I think I've said this before; please call it ext-sodium, not ext-libsodium. David > On 15.03.2016, at 18:40, Scott Arciszewski wrote: > > Link to RFC: https://wiki.php.net/rfc/libsodium > > I'd like to bump the RFC to make Libsodium a core extension, as per > Ferenc's

Re: [PHP-DEV] [RFC] Libsodium (bump)

Hi Scott, On Wed, Mar 16, 2016 at 2:40 AM, Scott Arciszewski wrote: > Question: If this extension is adopted, which syntax would you prefer? > > \Sodium\func() > Sodium::func() > sodium_func() I prefer both of Sodium::func() sodium_func() IMO, we are

Re: [PHP-DEV] [RFC] Libsodium (bump)

On Tue, Mar 15, 2016 at 1:59 PM, Fleshgrinder wrote: > On 3/15/2016 6:40 PM, Scott Arciszewski wrote: > > Link to RFC: https://wiki.php.net/rfc/libsodium > > > > I'd like to bump the RFC to make Libsodium a core extension, as per > > Ferenc's suggestion on the mcrypt RFC.

Re: [PHP-DEV] [RFC] Libsodium (bump)

On 3/15/2016 6:40 PM, Scott Arciszewski wrote: > Link to RFC: https://wiki.php.net/rfc/libsodium > > I'd like to bump the RFC to make Libsodium a core extension, as per > Ferenc's suggestion on the mcrypt RFC. > > Question: If this extension is adopted, which syntax would you prefer? > >

[PHP-DEV] [RFC] Libsodium (bump)

Link to RFC: https://wiki.php.net/rfc/libsodium I'd like to bump the RFC to make Libsodium a core extension, as per Ferenc's suggestion on the mcrypt RFC. Question: If this extension is adopted, which syntax would you prefer? \Sodium\func() Sodium::func() sodium_func() As it

Re: [PHP-DEV] [RFC] Libsodium

On Jan 11, 2016 5:22 AM, "Scott Arciszewski" wrote: > > On Sun, Jan 10, 2016 at 4:59 PM, Rowan Collins wrote: > > On 10/01/2016 21:41, Scott Arciszewski wrote: > >> > >> Hi Rowan, > >> > >>> >I think what people are suggesting is not that libsodium

Re: [PHP-DEV] [RFC] Libsodium

On Sun, Jan 10, 2016 at 4:31 PM, Rowan Collins wrote: > On 07/01/2016 16:11, Scott Arciszewski wrote: >> >> I'm personally not going to bother pushing >> for a pluggable crypto API if the only option is to use OpenSSL and >> all its legacy cruft. > > > I think what people

Re: [PHP-DEV] [RFC] Libsodium

On Sun, Jan 10, 2016 at 3:18 PM, Tom Worster wrote: > On 1/7/16 11:24 AM, Pierre Joye wrote: >> >> What I do not like too much is the addition of an extension with >> (relatively) low level functions for one specific library. It does not >> really matter how good is this specific

Re: [PHP-DEV] [RFC] Libsodium

On 1/10/16, 3:39 PM, "Scott Arciszewski" wrote: >On Sun, Jan 10, 2016 at 3:18 PM, Tom Worster wrote: >> On 1/7/16 11:24 AM, Pierre Joye wrote: >>> >>> What I do not like too much is the addition of an extension with >>> (relatively) low level functions for

Re: [PHP-DEV] [RFC] Libsodium

On 07/01/2016 16:11, Scott Arciszewski wrote: I'm personally not going to bother pushing for a pluggable crypto API if the only option is to use OpenSSL and all its legacy cruft. I think what people are suggesting is not that libsodium shouldn't be supported under-the-hood, just that the fact

Re: [PHP-DEV] [RFC] Libsodium

On 1/7/16 11:24 AM, Pierre Joye wrote: What I do not like too much is the addition of an extension with (relatively) low level functions for one specific library. It does not really matter how good is this specific library, I simply do not see such addition as a good strategic move. I also

Re: [PHP-DEV] [RFC] Libsodium

Hi Scott, On 10/01/2016 22:22, Scott Arciszewski wrote: And I'm of the opinion that most users need a library that does everything for them, and power users need a toolkit, and we shouldn't try to solve both use cases with the same library. I don't think anyone is arguing against that, they

Re: [PHP-DEV] [RFC] Libsodium

Can we call that extension "sodium" please without the "lib" prefix? David > On 07.01.2016, at 08:26, Scott Arciszewski wrote: > > Hi everyone, > > I've updated the RFC to make libsodium a core PHP extension in 7.1, to > include references to the online documentation. >

Re: [PHP-DEV] [RFC] Libsodium

On 10/01/2016 21:41, Scott Arciszewski wrote: Hi Rowan, >I think what people are suggesting is not that libsodium shouldn't be >supported under-the-hood, just that the fact you're using it shouldn't be >exposed to userland. These are separate concerns. Let's call them Sodium and SimpleSodium.

Re: [PHP-DEV] [RFC] Libsodium

On Sun, Jan 10, 2016 at 6:56 PM, David Zuelke wrote: > Can we call that extension "sodium" please without the "lib" prefix? > > David > > >> On 07.01.2016, at 08:26, Scott Arciszewski wrote: >> >> Hi everyone, >> >> I've updated the RFC to make libsodium a

Re: [PHP-DEV] [RFC] Libsodium

On Sun, Jan 10, 2016 at 4:59 PM, Rowan Collins wrote: > On 10/01/2016 21:41, Scott Arciszewski wrote: >> >> Hi Rowan, >> >>> >I think what people are suggesting is not that libsodium shouldn't be >>> >supported under-the-hood, just that the fact you're using it shouldn't

[PHP-DEV] [RFC] Libsodium

Hi everyone, I've updated the RFC to make libsodium a core PHP extension in 7.1, to include references to the online documentation. https://wiki.php.net/rfc/libsodium All new functions and classes would exist in the Sodium namespace. e.g. $ciphertext = \Sodium\crypto_box($message, $nonce,

Re: [PHP-DEV] [RFC] Libsodium

On Thu, Jan 7, 2016 at 10:20 AM, Bishop Bettini wrote: > On Thu, Jan 7, 2016 at 8:26 AM, Scott Arciszewski > wrote: >> >> I've updated the RFC to make libsodium a core PHP extension in 7.1, to >> include references to the online documentation. >> >>

Re: [PHP-DEV] [RFC] Libsodium

On Thu, Jan 7, 2016 at 10:51 AM, Pierre Joye wrote: > HI Scott, > > On Thu, Jan 7, 2016 at 8:26 PM, Scott Arciszewski wrote: >> Hi everyone, >> >> I've updated the RFC to make libsodium a core PHP extension in 7.1, to >> include references to the online

Re: [PHP-DEV] [RFC] Libsodium

Pierre, >> Even if we axe mcrypt and in with a net-gain of 0 extensions, you'd >> see it as a risk? > > Except that we already refused to kill mcrypt, and it is not like I > did not try to convince us to kill it. We decided not to kill it for 7.0. That doesn't mean it got a permanent buy... >>

Re: [PHP-DEV] [RFC] Libsodium

On Thu, Jan 7, 2016 at 10:52 AM, Rouven Weßling wrote: > Hi Scott, > > questions inline. > >> On 07 Jan 2016, at 14:26, Scott Arciszewski wrote: >> >> I've updated the RFC to make libsodium a core PHP extension in 7.1, to >> include references to the

Re: [PHP-DEV] [RFC] Libsodium

Anthony Ferrara in php.internals (Thu, 7 Jan 2016 11:30:14 -0500): >I agree with you in principle, but in this particular case I think >that there's enough justification considering how measurably bad >mcrypt is, and how little some people trust openssl. OTH, OpenSSL has made progress and the

Re: [PHP-DEV] [RFC] Libsodium

On Thu, Jan 7, 2016 at 11:58 AM, Jan Ehrhardt wrote: > Anthony Ferrara in php.internals (Thu, 7 Jan 2016 11:30:14 -0500): >>I agree with you in principle, but in this particular case I think >>that there's enough justification considering how measurably bad >>mcrypt is, and

Re: [PHP-DEV] [RFC] Libsodium

Hi Scott, questions inline. > On 07 Jan 2016, at 14:26, Scott Arciszewski wrote: > > I've updated the RFC to make libsodium a core PHP extension in 7.1, to > include references to the online documentation. > > https://wiki.php.net/rfc/libsodium I know this is made

Re: [PHP-DEV] [RFC] Libsodium

HI Scott, On Thu, Jan 7, 2016 at 8:26 PM, Scott Arciszewski wrote: > Hi everyone, > > I've updated the RFC to make libsodium a core PHP extension in 7.1, to > include references to the online documentation. > > https://wiki.php.net/rfc/libsodium > > All new functions and

Re: [PHP-DEV] [RFC] Libsodium

On Thu, Jan 7, 2016 at 10:54 AM, Scott Arciszewski wrote: > On Thu, Jan 7, 2016 at 10:52 AM, Rouven Weßling > wrote: >> Hi Scott, >> >> questions inline. >> >>> On 07 Jan 2016, at 14:26, Scott Arciszewski wrote: >>> >>> I've

Re: [PHP-DEV] [RFC] Libsodium

On Thu, Jan 7, 2016 at 11:11 PM, Scott Arciszewski wrote: > On Thu, Jan 7, 2016 at 10:51 AM, Pierre Joye wrote: >> HI Scott, >> >> On Thu, Jan 7, 2016 at 8:26 PM, Scott Arciszewski >> wrote: >>> Hi everyone, >>> >>> I've updated