Hi Jeff, can you make this comment in the PR https://github.com/apache/kafka/pull/7090, instead of the vote thread. Let's move the discussion there.

On Tue, Aug 6, 2019 at 10:26 AM Jeff Huang <jeff.hu...@confluent.io> wrote:

>
> On 2019/07/29 19:22:02, Sandeep Mopuri <mpr...@gmail.com> wrote:
> > Hi all, after some good discussion
> > <https://www.mail-archive.com/dev@kafka.apache.org/msg99419.html> about the KIP
> > <https://cwiki.apache.org/confluence/display/KAFKA/KIP-492%3A+Add+java+security+providers+in+Kafka+Security+config>,
> > I'm starting the voting.
> >
> > This KIP proposes adding new security configuration to accept custom
> > security providers that can provide algorithms for SSL or SASL.
> >
> > --
> > Thanks,
> > M.Sai Sandeep
> >
>
> Hello,
>
> How do we handle a scenario where some providers require more information
> for installing providers?
>
> For instance, the Bouncy Castle (BC) provider requires the input parameter
> "fips:BCFIPS" for enabling FIPS mode.
> Example:
> Static configuration in the java.security file:
> security.provider.1=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
> Dynamic installation:
> Security.addProvider(new BouncyCastleJsseProvider("fips:BCFIPS"))
>
> So I suggested we might consider providing more info for the new config
> property, for example:
> security.provider.info=classname of provider/name of provider/initial parameters,
> Example for the BC case:
> security.provider.info=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider/BC/fips:BCFIPS,sun.security.provider.Sun/SUN,
> Basically, the info for each provider will consist of three pieces of information:
> name of class, name of provider (for unit testing purposes), initial parameter
> for instantiating the class.
> Still use a comma "," for separating each provider's info.
>
> Jeff Huang,
>

--
Thanks,
M.Sai Sandeep
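
The "class/name/parameters" value suggested in the quoted message could be parsed and loaded as sketched below. This is an added example, not part of the thread, the KIP or Kafka's code: the security.provider.info format is only the suggestion quoted above, and ProviderInfoDemo, DemoProvider, parse and instantiate are hypothetical names. It assumes Java 9 or later and uses a constructed stand-in provider so that it runs without Bouncy Castle on the classpath.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class ProviderInfoDemo {
    // Constructed stand-in for a provider whose constructor takes an init string.
    public static class DemoProvider extends Provider {
        public DemoProvider(String config) {
            super("DEMO", "1.0", "constructed demo provider, config=" + config);
        }
    }

    // Splits "class/name/params,class/name" into entries of two or three fields.
    // The init parameter may contain '/', but not ',' (the entry separator).
    static List<String[]> parse(String value) {
        List<String[]> out = new ArrayList<>();
        for (String entry : value.split(",")) {
            if (entry.trim().isEmpty()) continue;   // tolerate stray or trailing commas
            String[] parts = entry.trim().split("/", 3);
            if (parts.length < 2 || parts[0].isEmpty() || parts[1].isEmpty())
                throw new IllegalArgumentException("bad provider entry: " + entry);
            out.add(parts);
        }
        return out;
    }

    static Provider instantiate(String[] parts) throws ReflectiveOperationException {
        // Load without running static initializers, and refuse any class that is
        // not a java.security.Provider before its constructor is ever called.
        Class<? extends Provider> cls = Class.forName(parts[0], false,
                ProviderInfoDemo.class.getClassLoader()).asSubclass(Provider.class);
        Provider p = parts.length == 3
                ? cls.getConstructor(String.class).newInstance(parts[2])
                : cls.getConstructor().newInstance();
        // The configured name doubles as a check that the expected provider was loaded.
        if (!p.getName().equals(parts[1]))
            throw new IllegalStateException("expected " + parts[1] + ", got " + p.getName());
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value in the suggested format, with a trailing comma.
        String value = ProviderInfoDemo.class.getName() + "$DemoProvider/DEMO/fips:BCFIPS,";
        for (String[] parts : parse(value)) {
            Provider p = instantiate(parts);
            Security.addProvider(p);
            System.out.println(p.getName() + " -> " + p.getInfo());
        }
    }
}
```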