0.8.x and beyond roadmap/TODO

[dlongley]

Due to #202, I'm doing a quick dump of what's currently on the roadmap/TODO:

• [ ] 1. Switching the APIs over to all use forge buffers to solve two problems: recurring issues/misunderstandings with binary/text encoding and to support TypedArrays (and maybe other backends like node Buffers) where available. This work is being done on the 0.8.x branch. We want to get these changes in and improve the API before any other big changes occur in the library. Helping people solve encoding issues that they shouldn't have to deal with is one of the biggest non-development uses of time related to the project right now. See also: #146.
• [x] 2. Some prep work for supporting TLS 1.2 (currently TLS 1.1 is the most recent version supported) which is also being done the buffer-based-api branch. Full support for TLS 1.2 will follow after this branch is merged and the newer APIs are available. See: #204.
• [ ] 3. Diffie-Hellman support, see: #160.
• [ ] 4. ECC support, see: #116, #532. (Ed25519 added in 0.7.4)
• [ ] 5. Use of the new WebCrypto API, where available, and where it makes sense. The new WebCrypto API doesn't yet support a streaming/continuous operation-based API (eg: start(), update(), finish()), it just has one-off operation calls that must be provided all data at once, so use of this may be more limited than we would want.
• [x] 6. Support for a new build system that removes boilerplate from individual files, handles build complexity for the variety of supported platforms/module loaders, etc. We want to support more ways to get forge into projects, get it in there more easily, clean up how modules are written and make updating them easier/more accessible to contributors, etc. See: #126, #156, #198.
• [x] 7. Better and more comprehensive testing. Some adjusting of the test infrastructure to make it easier to understand where to put new tests and how to write them, etc. is also desirable. See also: #51.
• [ ] 8. Potentially split the project up into submodules and better isolate various crypto implementations to better ensure reuse and make it easier to deal with domain-specific bugs. See: #34.
• [ ] 9. Better documentation and many more examples on the github pages.
• [ ] 10. There's probably more to the list -- we need checkbox-ify it, etc. So, better TODO/roadmap documentation, add milestones, organize issues, etc.
• [x] 11. PKCS#7 SignedData support. See: #190.
• [ ] 12. Drop support for flash in 0.8; prefer WebSockets and/or plugins/other available raw socket APIs (depends on the environment).
• [x] 13. Implement new MessageDigest API. See #172.
• [ ] 14. Make SHA-256 the default for hashes instead of SHA-1.

[dlongley]

UPDATE: the old targeted 0.7.x has been pushed to 0.8.x. We will be releasing 0.7.x with fixes to the build system instead of fixes to buffers, etc.

It's looking like 0.7.0 will focus primarily on 1, 2, 12, and 13. Versions 0.7.x may see incremental support for new features as they come along (eg: 11 is likely to land in 0.7.x).

An overhaul of the build system and modules is targeted for 0.8 (numbers 6, 7, 8, 9).

General refactoring and clean up of the TLS engine and other crufty APIs (though hopefully nothing too drastic like 0.7) is for 0.9. This will likely involve making the implementation and API async and may/may not involve switching to use an EventEmitter(-like) API.

Numbers 3 and 4 will land when time permits but should be after 0.7 (could be 0.7.x). TLS 1.2 support can be achieved (with minimal cipher suite support) during 0.7.x if time permits, but it may slip to a later version. We'll need Diffie-Hellman for better TLS 1.2 cipher suite support.

[jmtavares]

Do you have any update on point 11?

1. PKCS#7 SignedData support (work presently in progress). See: #190.

[dlongley]

Do you have any update on point 11?

A version of forge with PKCS#7 SignedData support should be pushed out in roughly 2-3 weeks.

[jmtavares]

Do you have any branch with it?

[BaurzhanSakhariev]

Will be there any parameter to generate attached or detached PKCS#7 signature? It would be very useful.

I mean something like this:

signature = createPkcs7(data, false) // get pure signature, without data
signature = createPkcs7(data,true)  // get pkcs7 signature with attached data

[dlongley]

@yconoclast,

Do you have any branch with it?

Yes, it was in the pkcs7-sign branch, but it has now been merged to master. It's available in 0.6.34 and there's an example for use on the README.

@BaurzhanSakhariev,

A request for a detached signature feature should be added as a separate issue.

[sanaullah82]

Any update on ECC support, see: #116 no4 on the roadmap, is it in development or done?

[davidlehn]

@sanaullah82 Ed25519 support added in 0.7.4.