search

dalek-cryptography / x25519-dalek

X25519 elliptic curve Diffie-Hellman key exchange in pure-Rust, using curve25519-dalek.
BSD 3-Clause "New" or "Revised" License
326 stars 132 forks source link

Optional `Secret` types via features #114

Closed pinkforest closed 11 months ago

pinkforest commented 1 year ago

ReusableSecret is optional feature

Should StaticSecret be optional that can also make rand_core optional ?

To that matter should EphemeralSecret be optional as well ? :thinking:

tarcieri commented 1 year ago

To me this crate's whole purpose is providing a simple interface for ECDHE.

If people want patterns that go beyond ECDHE, they should be using curve25519-dalek directly, IMO.

pinkforest commented 1 year ago

Yup so we can make StaticSecret optional (with it's warning) and leave EphemeralSecret as ECDHE "baseline"

But maybe another crate can do ReusableSecret StaticSecret perhaps.. with a strong warnign

E.g. we could deprecate it as optional and tell it will go away at some stage whilst keeping it for forward compat ?

This would give the existing downstream possibility to migrate at least to recent curve whilst looking at options replacing Reusable/StaticSecret if so - and we can track who uses the feature/s as now StaticSecret isn't optional we can't track who uses it.

pinkforest commented 11 months ago

StaticSecret was made optional so this can be closed