[
https://issues.apache.org/jira/browse/HDDS-10602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
István Fajth updated HDDS-10602:
--------------------------------
Description:
In cryptography legislation, it is a common thing to restrict the available
cryptography method to a set of compliant implementations, like algorithms,
cyphers, hashes, etc.
This umbrella JIRA is created to collect all the places where we have an
already configurable cryptography method related configuration, and define
common whitelists of methods for these configuration options.
The suggested default value is the wildcard character (\*), so it conveniently
marks that any implementation is allowed to be chosen.
With this approach, in an environment where compliance is required, there is a
possibility to restrict the valid configuration values to the compliant ones.
The scope of this work is restricted to the currently existing configuration
options, with that have a basic understanding of how these configs will look
like.
The suggested prefix for these whitelists is "ozone.crypto.allowed." and we can
use this as a general definition for different methods as a start.
was:
In cryptography legislation, it is a common thing to restrict the available
cryptography method to a set of compliant implementations, like algorithms,
cyphers, hashes, etc.
This umbrella JIRA is created to collect all the places where we have an
already configurable cryptography method related configuration, and define
common whitelists of methods for these configuration options.
The suggested default value is the wildcard character (*), so it conveniently
marks that any implementation is allowed to be chosen.
With this approach, in an environment where compliance is required, there is a
possibility to restrict the valid configuration values to the compliant ones.
The scope of this work is restricted to the currently existing configuration
options, with that have a basic understanding of how these configs will look
like.
The suggested prefix for these whitelists is "ozone.crypto.allowed." and we can
use this as a general definition for different methods as a start.
> Configurable whitelists for cryptography parameters
> ---------------------------------------------------
>
> Key: HDDS-10602
> URL: https://issues.apache.org/jira/browse/HDDS-10602
> Project: Apache Ozone
> Issue Type: Improvement
> Reporter: István Fajth
> Priority: Major
>
> In cryptography legislation, it is a common thing to restrict the available
> cryptography method to a set of compliant implementations, like algorithms,
> cyphers, hashes, etc.
> This umbrella JIRA is created to collect all the places where we have an
> already configurable cryptography method related configuration, and define
> common whitelists of methods for these configuration options.
> The suggested default value is the wildcard character (\*), so it
> conveniently marks that any implementation is allowed to be chosen.
> With this approach, in an environment where compliance is required, there is
> a possibility to restrict the valid configuration values to the compliant
> ones.
> The scope of this work is restricted to the currently existing configuration
> options, with that have a basic understanding of how these configs will look
> like.
> The suggested prefix for these whitelists is "ozone.crypto.allowed." and we
> can use this as a general definition for different methods as a start.
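
A sketch of how the allowlist check described in the issue could behave, added here as an example; it is not code from Apache Ozone or from the reporter. The option suffix "signature.algorithm", the comma-separated list format, the case-insensitive match and the class and method names are assumptions; only the "ozone.crypto.allowed." prefix and the "*" default come from the issue text.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

public class CryptoAllowlistExample {
  static final String PREFIX = "ozone.crypto.allowed."; // prefix suggested in the issue
  static final String WILDCARD = "*";                   // suggested default: any value allowed

  /** Parses the allowlist for one option; an unset key falls back to the wildcard. */
  static Set<String> allowed(Map<String, String> conf, String suffix) {
    String raw = conf.getOrDefault(PREFIX + suffix, WILDCARD);
    return Arrays.stream(raw.split(","))
        .map(s -> s.trim().toUpperCase(Locale.ROOT)) // assumption: names compare case-insensitively
        .filter(s -> !s.isEmpty())
        .collect(Collectors.toSet());
  }

  /** Returns the value if the allowlist permits it, otherwise throws. */
  static String validate(Map<String, String> conf, String suffix, String value) {
    Set<String> list = allowed(conf, suffix);
    // A key that is set but empty yields an empty set and allows nothing (fail closed).
    if (list.contains(WILDCARD) || list.contains(value.trim().toUpperCase(Locale.ROOT))) {
      return value;
    }
    throw new IllegalArgumentException(
        value + " is not permitted by " + PREFIX + suffix + " = " + list);
  }

  public static void main(String[] args) {
    String opt = "signature.algorithm"; // hypothetical option suffix
    Map<String, String> open = Map.of(); // constructed: nothing set, default "*" applies
    Map<String, String> restricted =     // constructed: compliance-restricted deployment
        Map.of(PREFIX + opt, "SHA256withRSA, SHA384withRSA");

    System.out.println("default:    " + validate(open, opt, "SHA1withRSA"));
    System.out.println("restricted: " + validate(restricted, opt, "sha256withrsa"));
    try {
      validate(restricted, opt, "SHA1withRSA");
    } catch (IllegalArgumentException e) {
      System.out.println("rejected:   " + e.getMessage());
    }
  }
}
```

Running the check when configuration is loaded, rather than at first use of the algorithm, makes a non-compliant setting stop the service at startup instead of surfacing later.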