Hi Scott, I personally think the RFC is a bit short, also I just had a very brief look at the documentation of the extension in question, and find its API a bit strange, whats up with having everything in static method calls?
regards, PP 2015-05-21 3:15 GMT+02:00 Scott Arciszewski <sc...@paragonie.com>: > Hi Internals Team, > > I'm sure everyone is really focused (and excited) for PHP 7.0.0 later this > year, and many of you might not want to discuss what 7.1.x looks like yet. > > The current state of cryptography in PHP is, well, abysmal. Our two main > choices for handling symmetric cryptography are libmcrypt (collecting dust > since 2007) and openssl, which lacks a streaming API (e.g. mcrypt_generic) > and GCM support. > > While mcrypt is slowly decomposing in the corner and code is being > desperately migrated towards openssl in case a critical vulnerability is > discovered in the abandonware choice, the libsodium extension has been > growing steadily. Thanks to Remi, it should soon be compatible with both > PHP 5.x and 7.x (decided at compile-time). The libsodium library itself has > landed in Debian 8 and Ubuntu 15.04 and adoption is expected to persist by > the next Ubuntu LTS is released. > > I think now is a good time to talk about the possibility of making > libsodium a core PHP extension, depending on where things are when we near > the 7.1 feature freeze. > > I've just opened an RFC for precisely this purpose: > https://wiki.php.net/rfc/libsodium > > Regards, > > Scott Arciszewski > Chief Development Officer > Paragon Initiative Enterprises <https://paragonie.com> > -- Peter Petermann Email: ppeterman...@gmail.com - get my public PGP key from SKS Keyservers PGP Key: http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x0E6DBD675836A5C7
