Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-03-07 Thread Zixuan Liu
> So it means the change is only on the client side, not the broker side? pulsar-functions also depends on BC. In Pulsar, we only use the BC or BC-FIPS; right now we are using the BC. > we could consider that in the future. current way is to align with the old manner. I talked to jia, BC is u

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-03-06 Thread Asaf Mesika
So it means the change is only on the client side, not the broker side? On Fri, Mar 3, 2023 at 11:42 AM Zixuan Liu wrote: > Hi all, > > We only use the BC to encrypt the message, not TLS, so I think we can > migrate to the BC-FIPS. > > If you think it's feasible, I'll try to do it, and if it do

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-03-03 Thread Zixuan Liu
Hi all, We only use the BC to encrypt the message, not TLS, so I think we can migrate to the BC-FIPS. If you think it's feasible, I'll try to do it, and if it doesn't pass the Pulsar test, I'll keep using the BC. Thanks, Zixuan YuWei Sung wrote on Thu, Mar 2, 2023 at 00:40: > BC and BC-FIPS differences a

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-03-01 Thread YuWei Sung
BC and BC-FIPS differences are the cipher suites. This is similar to TLS 1.1 vs 1.2 vs 1.3. Some suites are deprecated (not secure enough due to compute power improvement). In TLS 1.3, the client has no chance to specify weak cipher suites to connect to the server and exploit the weakness. For BC-FIPS har

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-03-01 Thread Zixuan Liu
> Actually I was expecting that part of the discussion will specify the > difference between using FIPS compared with non-FIPS, in each BouncyCastle > usage: TLS and message encryption. Good catch! I'll check this. Asaf Mesika wrote on Wed, Mar 1, 2023 at 21:19: > On Mon, Feb 27, 2023 at 4:35 PM Zixuan Liu

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-03-01 Thread Asaf Mesika
On Mon, Feb 27, 2023 at 4:35 PM Zixuan Liu wrote: > > users might get exceptions if they don't use specific algorithms or > encryption schemes? > > Could you share more info about this? > Actually I was expecting that part of the discussion will specify the difference between using FIPS compared

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-02-27 Thread Zixuan Liu
> users might get exceptions if they don't use specific algorithms or encryption schemes? Could you share more info about this? Asaf Mesika wrote on Mon, Feb 27, 2023 at 18:01: > So if I understand you correctly, once you switch to the FIPS version of > Bouncy Castle, users might get exceptions if they don't

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-02-27 Thread Asaf Mesika
So if I understand you correctly, once you switch to the FIPS version of Bouncy Castle, users might get exceptions if they don't use specific algorithms or encryption schemes? Potentially a breaking change? You can't switch it off via config? On Wed, Feb 22, 2023 at 3:56 PM Zixuan Liu wrote: > >

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-02-22 Thread Zixuan Liu
Thanks @Michael for the context! > 2020-10-28 01:53:06 UTC - jia zhai: we could consider that in the future. current way is to align with the old manner. usually user will provide their own security jars, such as BouncyCastle, and non-fips version maybe used in a more wide range. That's valuable

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-02-22 Thread Michael Marshall
I am +1, but I am not familiar with the nuanced differences of these jars, so it'd be valuable to get other opinions, too. I tried to understand why the default is the way it is, and it looks like Jia Zhai was involved in the initial work [0]. I see in the slack digest on our mailing list that th

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-02-22 Thread Zixuan Liu
> 1. What is FIPS? FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the

Re: [DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-02-22 Thread Asaf Mesika
Can you elaborate a bit: 1. What is FIPS? 2. Why is the FIPS version safer exactly? 3. What is bouncycastle used exactly in Pulsar? On Wed, Feb 22, 2023 at 11:58 AM Zixuan Liu wrote: > Hi all, > > I would like to discuss using the bouncycastle fips instead of the > bouncycastle non-fips. > > T

[DISCUSS] Using bouncycastle fips instead bouncycastle non-fips

2023-02-22 Thread Zixuan Liu
Hi all, I would like to discuss using the bouncycastle fips instead of the bouncycastle non-fips. The bouncycastle is a Java library that complements the default Java Cryptographic Extension (JCE), which has two versions: fips version and non-fips version. The fips version is safer than non-fips