As part of SSDLC objectives, we need to provide some documentation about security and cryptography. See the spec document, although this document has recently been updated to accommodate the v1.1 requirements for the next cycle. If you go back a couple of revisions in the document you will see the spec that applied to this cycle, with greater focus on cryptography only.
Anyhow, the security team has provided me with some examples of the artifacts produced by other teams:
According to Security, 1. was one of the best documents that other teams created, but I felt that 2. was the one fitting our use-case better (since also that one was a charm), so I took the outline of that one, and wrote content appropriate to Kafka and ZooKeeper.
Interestingly, 2. was putting this content into references, but honestly I would feel that it fits more the "Explanation" part.
@marcoppenheimer @Batalex @zmraul