Encryption : having an alternative
Issue generated from Tuleap's migration script. Originally submitted by: (daoumilseitek)
I suggest having an alternative way of encryption. While GnuTLS is good, you never know what can happen with cryptography. Wether it's implementation, protocol or maths that are broken, it is generally hard to make a fix and might take a while.
I would recommend NaCl crypo lib, as it seems reliable (elliptic curves and all these fancy things) :
https://en.wikipedia.org/wiki/NaCl_(software)
What about retro-compatibility though ? I think we can have some retro-compatible key sharing, such as :
gnutls_key:nacl_key
and one can choose to use either one or let the default be chosen depending on the security context, old versions of software can still use just
gnutls_key