> 1. What is FIPS? FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies.
> 2. Why is the FIPS version safer exactly? FIPS standard is strict. When using the FIPS version, this is also very strict and standard. > 3. What is bouncycastle used exactly in Pulsar? We use the bouncycastle as the TLS provider, and used for the end-to-end message encryption. Thanks, Zixuan Asaf Mesika <asaf.mes...@gmail.com> 于2023年2月22日周三 21:23写道: > Can you elaborate a bit: > 1. What is FIPS? > 2. Why is the FIPS version safer exactly? > 3. What is bouncycastle used exactly in Pulsar? > > > > On Wed, Feb 22, 2023 at 11:58 AM Zixuan Liu <node...@gmail.com> wrote: > > > Hi all, > > > > I would like to discuss using the bouncycastle fips instead of the > > bouncycastle non-fips. > > > > The bouncycastle is a Java library that complements the default Java > > Cryptographic Extension (JCE), which has two versions: fips version and > > non-fips version. > > > > The fips version is safer than non-fips. When the security level is very > > high, many policies require the fips version, but the Pulsar default uses > > the non-fips version. Switch this is complex, because > > the `pulsar-client-messagecrypto-bc` module and root project depends on > the > > non-fips, so I suggest we switch to fips version from non-fips. > > > > Reference: > > - https://www.bouncycastle.org/ > > - https://www.bouncycastle.org/fips_faq.html > > - https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards > > > > Thanks, > > Zixuan > > >
