Missing functionality, and possible bounty targets

bounty

#1

I’d like to collect a list of missing functionality that we need, and might be possible targets for a bounty.

One thing we need and is missing is ECHDE in the list of supported cipher suites.

Cyphre has a list of things to do and perhaps we could ask him to add these if we can raise the appropriate bounty?


#2

I would definitely put money towards a modern encryption suite, like libsodium.

Also, if I am understanding correctly, Ren-C does not have a VID dialect yet. So that and anything that gets us closer to Android I would support too.


#3

The idea that Rebol would have its own usermode TLS code is a bit strange–it’s something I thought was kind of an unusual investment of effort when I first saw it.

But it is also a bit interesting, in that it means there’s an opportunity for people to have a somewhat readable and more “executable spec” version of what’s going on to dig into. Not all cryptographic code is very accessible.

Having your own code means having your own vulnerabilities, bugs, and being behind the curve. So decisions need to be made about things like the TLS code…is it something that can be invested in, enhanced, and used as a showpiece of Rebol prowess? Or is it best thought of as some code that has been around and helped serve as a test case and lesson?

Yet if every time a problem comes up with a piece of Rebol code, if it’s easier to replace it with some commodity component than to fix the Rebol solution and keep it small and high-leverage–then the project is probably a failed idea. So that can’t be the answer to every issue.


#4

The Rebol code does the handshaking etc but the cipher suites are actually done in open source libraries which are pretty old.


#5

Seconding @BrianOtto suggestion of incorporating libSodium which is also used by 0MQ.