Hi! > 1. Pluggable Cryptography Frontend > > Work is currently underway for a PHP prototype for this idea > originally suggested by ircmaxell, that will basically be like PDO for > cryptography. Our current project name, subject to change, is PHP > Crypto Objects (PCO).
It would be nice to see full RFC (or other extensively documented proposal) about this. I like the idea, though I wonder isn't mcrypt essentially doing the same? It would be nice to see the description of the added value provided over mcrypt, openssl, etc. extensions. > 2. Cache-timing-safe character encoding functions > > Alternatives for existing functions that should function like their > unsafe counterparts, but without branches or data-based index lookups. > > * hex2bin() -> hex2bin_ts() > * bin2hex() -> bin2hex_ts() > * base64_encode() -> base64_encode_ts() > * base64_decode() -> base64_decode_ts() Why specifically these functions? It would be nice to hear rationale for this. > * Improving the OpenSSL API, or at least the documentation Improving documentation is always a worthy goal! > * Adding streaming encryption/decryption support to OpenSSL Hm... Implementing streaming cyphers right is not trivial, and if we'd be doing our own crypto (as opposed to providing API to existing libraries) we need a real lot of review to be confident it's done right. > What I need from you is guidance on what features or changes you want > to see in 7.1 and which can be put off until later (or never proposed > as an RFC at all). > > Seriously, all I need is your opinion and whether or not you'd like to > see any of these happen. If you have specific implementation details > you'd like to discuss or requests, of course those are welcome too. :D I think it'd be nice to see more details on the proposal. I.e. "improving OpenSSL API" - how? PCO - great, but what API would it offer and how that API is better than what we have now? The idea of making crypto easier is great, but if we want to make specific plans as of which features we want, we need more detailed proposals I think. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
