All:

I would like to put forward a proposal to implement FIPS-compliant
encryption in CloudFoundry. The proposal can be found at:

https://docs.google.com/document/d/13YX1SuVIxxveFiRKpk_xSrQOls5hYbayUzOA8a3AMAE/edit?usp=sharing

A specific aspect of the proposal which I would like to highlight is that
this would enable FIPS-compliant encryption but not mandate it - the
default configuration would be to use the encryption as implemented today,
while allowing those needing to adhere to FIPS 140-2 to do so in their CF
deployments.

I have done some basic analysis to identify areas where work needs to be
done, and I've attempted to capture some of this information in the
proposal as well. I would love to hear from the community on this
proposal.

Thanks,

-Sandy


--
Sandy Cash
Certified Senior IT Architect/Senior SW Engineer
IBM BlueMix
lhcash(a)us.ibm.com
(919) 543-0209

"I skate to where the puck is going to be, not to where it has been.” -
Wayne Gretzky