Thanks @Michael for the context!

> 2020-10-28 01:53:06 UTC - jia zhai: we could consider that in the future. current way is to align with the old manner. usually user will provide their own security jars, such as BouncyCastle, and non-fips version may be used in a more wide range.

That's valuable, but if we use the BouncyCastle stuff + FIPS compliance, it would be better (from a safety point of view). I will try to communicate with jia offline.

> Also, do we need to update our cryptography notice on our README about our bouncy castle usage [4] if we make this the default?

Sure, we should update this notice. Right now we are using the `Conscrypt` and `netty-tcnative` to provide the SSL.

Thanks,
Zixuan

Michael Marshall <mmarsh...@apache.org> wrote on Thu, Feb 23, 2023 at 04:11:

> I am +1, but I am not familiar with the nuanced differences of these jars, so it'd be valuable to get other opinions, too.
>
> I tried to understand why the default is the way it is, and it looks like Jia Zhai was involved in the initial work [0].
>
> I see in the slack digest on our mailing list that there is an indication that we could make the FIPS version the default. Here are some relevant messages from the ML [1][2][3]
>
> > 2020-10-26 06:43:48 UTC - Anup Ghatage: I noticed that Pulsar doesn’t have BouncyCastle FIPS switched on by default but the documentation leaves it up to the implementers to choose.
> > Is there any specific reason for this? I thought BC-FIPS comes with the usual BouncyCastle stuff + FIPS compliance (which would be a good thing) right?
> > 2020-10-26 08:37:13 UTC - Sijie Guo: @jia zhai would have a better answer for it.
> > 2020-10-26 12:59:16 UTC - jia zhai: @Sijie Guo @Anup Ghatage right, there is no specific reason for this. It seems to be more related to the project building, we may need to config the profile to build different bc type. but this seems a little hard in maven:joy:.
> > It would be helpful, if anyone would like to contribute to this feature.
> > 2020-10-26 16:31:57 UTC - Anup Ghatage: I’m thinking why not keep it on by default? There aren’t any API differences for the most part. That way Pulsar will be FIPS compliant all the time.
> > 2020-10-28 01:53:06 UTC - jia zhai: we could consider that in the future. current way is to align with the old manner. usually user will provide their own security jars, such as BouncyCastle, and non-fips version may be used in a more wide range.
>
> Also, do we need to update our cryptography notice on our README about our bouncy castle usage [4] if we make this the default?
>
> Thanks,
> Michael
>
> [0] https://github.com/apache/pulsar/pull/6588
> [1] https://lists.apache.org/thread/fln8o94t0gxnd54fr7tn4hrjp23mj48r
> [2] https://lists.apache.org/thread/xmrhyo1fkdhm4l9xz0t66yk5pk5g5f6p
> [3] https://lists.apache.org/thread/fs8rx620oq7q7px1mqs3k7qdoz3oz0s4
> [4] https://github.com/apache/pulsar#crypto-notice
>
> On Wed, Feb 22, 2023 at 7:56 AM Zixuan Liu <node...@gmail.com> wrote:
> >
> > > 1. What is FIPS?
> >
> > FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies.
> >
> > > 2. Why is the FIPS version safer exactly?
> >
> > FIPS standard is strict. When using the FIPS version, this is also very strict and standard.
> >
> > > 3. What is bouncycastle used exactly in Pulsar?
> >
> > We use the bouncycastle as the TLS provider, and used for the end-to-end message encryption.
> >
> > Thanks,
> > Zixuan
> >
> > Asaf Mesika <asaf.mes...@gmail.com> wrote on Wed, Feb 22, 2023 at 21:23:
> >
> > > Can you elaborate a bit:
> > > 1. What is FIPS?
> > > 2. Why is the FIPS version safer exactly?
> > > 3. What is bouncycastle used exactly in Pulsar?
> > >
> > > On Wed, Feb 22, 2023 at 11:58 AM Zixuan Liu <node...@gmail.com> wrote:
> > >
> > > > Hi all,
> > > >
> > > > I would like to discuss using the bouncycastle fips instead of the bouncycastle non-fips.
> > > >
> > > > The bouncycastle is a Java library that complements the default Java Cryptographic Extension (JCE), which has two versions: fips version and non-fips version.
> > > >
> > > > The fips version is safer than non-fips. When the security level is very high, many policies require the fips version, but the Pulsar default uses the non-fips version. Switching this is complex, because the `pulsar-client-messagecrypto-bc` module and root project depends on the non-fips, so I suggest we switch to fips version from non-fips.
> > > >
> > > > Reference:
> > > > - https://www.bouncycastle.org/
> > > > - https://www.bouncycastle.org/fips_faq.html
> > > > - https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards
> > > >
> > > > Thanks,
> > > > Zixuan