On 8/23/22 9:58 AM, Trevor Vaughan
wrote:
How are you going to handle the FIPS build issues surrounding Rust right now?
Are all crypto libraries going to build against the underlying OpenSSL (or something else certified)?
Correct all the Rust password storage scheme plugins use OpenSSL
(not NSS), so we don't have these issues anymore.
FYI we were able to get the NSS PBKDF2 version working in FIPS (in very recent versions), but the Rust version is much better and more secure.
Thanks,
Mark
Thanks,
Trevor
On Tue, Aug 23, 2022 at 9:53 AM Mark Reynolds <mareynol@xxxxxxxxxx> wrote:
Hello,
For many years now we have been offering Rust plugins, and for those
that build the server themselves it was possible to disable Rust if it
was not wanted. This is no longer going to be an option starting in the
next release of 389-ds-base-2.2 (On Fedora 37). We are upgrading the
default password storage schema to the Rust password storage scheme
PBKDF2_SHA256 for its improved security and performance over the C/NSS
version (PBKDF2-SHA256). We are also going to be incorporating Rust into
core parts of the server. So leaving Rust optional is no longer going
to be an option.
Sorry for the inconvenience this will impose on people not wanting to
build with Rust, but this is the direction we are moving in with the 389
project.
Feel free to ask any questions or voice concerns over this change, and
we will do our best to address them.
Sincerely,
--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
Trevor Vaughan
Vice President, Onyx Point
(410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
-- Directory Server Development Team
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue