On Sun, Jan 10, 2016 at 4:31 PM, Rowan Collins <rowan.coll...@gmail.com> wrote: > On 07/01/2016 16:11, Scott Arciszewski wrote: >> >> I'm personally not going to bother pushing >> for a pluggable crypto API if the only option is to use OpenSSL and >> all its legacy cruft. > > > I think what people are suggesting is not that libsodium shouldn't be > supported under-the-hood, just that the fact you're using it shouldn't be > exposed to userland. A PDO-like encryption interface (which as I understand > it is not what you proposed in your other thread) would allow us to add > libsodium in such a way that a relatively painless migration path can be > created if it goes the way of mcrypt. So the pluggable API removes the need > for any of the sodium_* / Sodium::* / \Sodium\* functions. > > Regards, > > -- > Rowan Collins > [IMSoP] > > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php >
Hi Rowan, > I think what people are suggesting is not that libsodium shouldn't be > supported under-the-hood, just that the fact you're using it shouldn't be > exposed to userland. These are separate concerns. Let's call them Sodium and SimpleSodium. With Sodium, power users gain the ability to write software that directly uses low-level primitives in PHP without requiring their users to install dependencies (i.e. from PECL). Halite 2.0.0 is going to ship with an API for Axolotl, which is the ratcheting protocol used by Signal (formerly TextSecure + RedPhone). Being able to offer Signal integration in SMS-based two factor authentication schemes is a very attractive proposition; even moreso if Sodium is a core extension. SimpleSodium is a driver for the simple cryptography wrapper. You can have SimpleSodium without Sodium, but if we don't get Sodium into core I will, personally, not be putting forth one more ounce of time or effort into helping the PHP core so who knows maybe not? Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises <https://paragonie.com> -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
