Comments (7)
The current CurveCP code is currently a proof of concept, and as you pointed out, some people have suggested possible ways to improve the protocol itself.
To make it useable, the libcurvecp API will change and the protocol will change. While it's being worked on, things can be broken and big bad bugs can be introduced. So I think that enabling it by default is a bit premature, especially since it doesn't work on Windows for now.
from libsodium.
My motivation is I'd like to develop some software which targets CurveCP, not with the intention of shipping it right away, but with the goal of eventually integrating with a "beta quality release". I intend to have large "experimental" warnings all over my software for quite some time. I'd like for other developers of the software, or perhaps early adopters who aren't, say, fighting an oppressive regime to be able to experiment with CurveCP-based software without having to build from source.
I think if these concerns about the highly experimental nature of CurveCP can be communicated to end users of the software effectively enough, it isn't irresponsible to include it by default.
Some other problems: right now we're integration testing RbNaCl against libsodium release tarballs on Travis. If we wanted to add an experimental CurveCP API (still need to make an issue for this on the RbNaCl tracker) we couldn't use the release tarballs, but would have to build from source.
I totally understand if you want to keep CurveCP out by default, and I agree that it shouldn't be there unless there's Sodium documentation in place to make sure nobody chances upon it and starts using it without being aware of its experimental status. However, at the same time, I want to improve traction among early adopters who have been made fully aware of its experimental status, especially when Rome is burning. I honestly think we need a replacement for TLS sooner than later, and CurveCP is our best bet.
from libsodium.
Perhaps this suitably warns a potential user that they're playing with plutonium?
from libsodium.
Does Travis actually prevent using autoconf flags?
My concern, besides Windows, is about package maintainers. They probably don't want experimental code to be part of their packages.
We can enable it by default and turn --enable-curvecp into --disable-curvecp, though.
from libsodium.
That alone would be awesome
from libsodium.
Opened an issue on RbNaCl:
from libsodium.
Ok, after discussion, a new project, libchloride, will handle the networking part.
from libsodium.