On 8/23/22 9:58 AM, Trevor Vaughan wrote:
How are you going to handle the FIPS build issues surrounding Rust
right now?
Are all crypto libraries going to build against the underlying OpenSSL
(or something else certified)?
Correct all the Rust password storage scheme plugins use OpenSSL (not
NSS), so we don't have these issues anymore.
FYI we were able to get the NSS PBKDF2 version working in FIPS (in very
recent versions), but the Rust version is much better and more secure.
Thanks,
Mark
Thanks,
Trevor
On Tue, Aug 23, 2022 at 9:53 AM Mark Reynolds <[email protected]> wrote:
Hello,
For many years now we have been offering Rust plugins, and for those
that build the server themselves it was possible to disable Rust
if it
was not wanted. This is no longer going to be an option starting
in the
next release of 389-ds-base-2.2 (On Fedora 37). We are upgrading the
default password storage schema to the Rust password storage scheme
PBKDF2_SHA256 for its improved security and performance over the
C/NSS
version (PBKDF2-SHA256). We are also going to be incorporating
Rust into
core parts of the server. So leaving Rust optional is no longer
going
to be an option.
Sorry for the inconvenience this will impose on people not wanting to
build with Rust, but this is the direction we are moving in with
the 389
project.
Feel free to ask any questions or voice concerns over this change,
and
we will do our best to address them.
Sincerely,
--
Directory Server Development Team
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to
[email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
Trevor Vaughan
Vice President, Onyx Point
(410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
_______________________________________________
389-users mailing list [email protected]
To unsubscribe send an email [email protected]
Fedora Code of
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List
Archives:https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report
it:https://pagure.io/fedora-infrastructure/new_issue
--
Directory Server Development Team
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
