[swift-server-dev] Crypto Library

Brent Royal-Gordon brent at architechies.com
Mon Nov 7 13:54:21 CST 2016


> On Nov 7, 2016, at 7:49 AM, Matt DeFoor via swift-server-dev <swift-server-dev at swift.org> wrote:
> 
> Ultimately, I think we'll want to stick with the known crypto libraries and frameworks that are compliant with FIPS 140-2 Level 1 until a decision can be made around the need/desire for a pure-Swift implementation and sponsor(s) for obtaining the validation. There are going to come cases where some software or perhaps embedded hardware that use Swift for crypto purposes will require FIPS 140-2 Level 1 validation.
> 
> Then again, perhaps FIPS isn't a concern for people at all. If so, please disregard :)

I'm not familiar with the specifics of the FIPS requirements, but naïvely, this sounds like a good case for some abstraction. If we define general protocols for crypto modules and conform both Darwin security and LibreSSL APIs to them, you'll be able to switch between FIPS-compliant and open-source implementations without rewriting any code.

-- 
Brent Royal-Gordon
Architechies
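
A sketch of the abstraction suggested in this message, added here as an illustration and not code from the post or from any Swift project: one hashing protocol with a CommonCrypto conformance and a LibreSSL conformance. The names `HashFunction`, `DarwinSHA256`, `LibreSSLSHA256`, `PlatformSHA256` and `fingerprint` are hypothetical, and `CLibreSSL` is an assumed system-library module exposing LibreSSL's `<openssl/sha.h>`.

```swift
// Added illustration; protocol and type names are hypothetical.
#if canImport(CommonCrypto)
import CommonCrypto
#else
import CLibreSSL   // assumed module map wrapping LibreSSL's <openssl/sha.h>
#endif

/// Backend-neutral one-shot hash. Application code depends only on this.
protocol HashFunction {
    static var digestLength: Int { get }
    static func hash(_ message: [UInt8]) -> [UInt8]
}

#if canImport(CommonCrypto)
/// Darwin backend: CommonCrypto's CC_SHA256.
struct DarwinSHA256: HashFunction {
    static let digestLength = Int(CC_SHA256_DIGEST_LENGTH)
    static func hash(_ message: [UInt8]) -> [UInt8] {
        var out = [UInt8](repeating: 0, count: digestLength)
        // CC_LONG is 32-bit; this one-shot call is for inputs under 4 GiB.
        _ = CC_SHA256(message, CC_LONG(message.count), &out)
        return out
    }
}
typealias PlatformSHA256 = DarwinSHA256
#else
/// LibreSSL backend: libcrypto's one-shot SHA256().
struct LibreSSLSHA256: HashFunction {
    static let digestLength = Int(SHA256_DIGEST_LENGTH)
    static func hash(_ message: [UInt8]) -> [UInt8] {
        var out = [UInt8](repeating: 0, count: digestLength)
        _ = SHA256(message, message.count, &out)
        return out
    }
}
typealias PlatformSHA256 = LibreSSLSHA256
#endif

/// Written once against the protocol; the backend is a type parameter.
func fingerprint<H: HashFunction>(_ data: [UInt8], using _: H.Type) -> String {
    let hex = Array("0123456789abcdef")
    return H.hash(data).map { "\(hex[Int($0 >> 4)])\(hex[Int($0 & 0x0f)])" }.joined()
}

print(fingerprint(Array("abc".utf8), using: PlatformSHA256.self))
```

Swapping in a different module means changing the `PlatformSHA256` alias, not the call sites; whether a given build of either library is FIPS-validated is a property of that build and is not something the protocol can express.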


