Can you elaborate a bit:

1. What is FIPS?
2. Why is the FIPS version safer exactly?
3. What is bouncycastle used for exactly in Pulsar?

On Wed, Feb 22, 2023 at 11:58 AM Zixuan Liu <node...@gmail.com> wrote:

> Hi all,
>
> I would like to discuss using the bouncycastle fips instead of the
> bouncycastle non-fips.
>
> The bouncycastle is a Java library that complements the default Java
> Cryptographic Extension (JCE), which has two versions: fips version and
> non-fips version.
>
> The fips version is safer than non-fips. When the security level is very
> high, many policies require the fips version, but the Pulsar default uses
> the non-fips version. Switching this is complex, because
> the `pulsar-client-messagecrypto-bc` module and root project depend on the
> non-fips, so I suggest we switch to fips version from non-fips.
>
> Reference:
> - https://www.bouncycastle.org/
> - https://www.bouncycastle.org/fips_faq.html
> - https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards
>
> Thanks,
> Zixuan