On 6/5/2016 9:46 AM, Scott Arciszewski wrote: > Libsodium already knocks it out of the park compared to OpenSSL and > Mcrypt. If we want to talk about a higher-level abstraction-- such as > what's provided by paragonie/EasyRSA + defuse/php-encryption or > paragonie/halite-- I wholeheartedly endorse that discussion. But I don't > think we should try to solve that problem with this particular RFC. > > In closing, I don't disagree that a simple crypto API is a good goal to > have. I just think the ideal you're discussing is: > > A. Out of scope, and > B. Kind of belittling to how much of an improvement libsodium is to what we > already have. >
You are completely ignoring that once this is out the door there is no way back. We already see many problems in the current API and we should address them until we reach a point where the majority does not see major problems anymore. Doing anything else is just irresponsible! -- Richard "Fleshgrinder" Fussenegger
signature.asc
Description: OpenPGP digital signature
