Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

Key Points

  1. GO - no VM, compiled, no classes
  2. Fast execution relatively
  3. Frameworks ??

References

Reference_description_with_linked_URLs____________________________Notes_______________________________________________________________


https://golang.org/GO lang

https://stackoverflow.com/questions/28166249/how-to-list-
installed-go-packages

go-module-list-stackoverflow.com-How to list installed go packages.pdf

How to list installed GO modules, versions




https://yourbasic.org/golang/go-vs-java/GO vs Java main differences
https://www.educba.com/go-vs-java/GO vs Java compare


Go Tutorials
https://medium.com/@radadiyasunny970/go-lang-rest-api-using-
gorilla-mux-a7dafbb64214		GO Gorilla MUX for CRUD REST API
go-tutorial-read-write-excel-files.pdfGo read / write excel files


https://medium.com/@radadiyasunny970/a-simple-performance
-test-and-difference-go-v-s-java-e6f29ad65293		GO vs Java performance for loop test
https://dzone.com/articles/java-vs-go-microservices-load-testing-rematchGo vs Java microservices




https://benchmarksgame-team.pages.debian.net/benchmarksgame
/fastest/go-node.html

go-vs-node-benchmark1-2020.pdf

GO vs Node.js benchmarks 1

https://www.intellectsoft.net/blog/nodejs-vs-golang/

go-vs-node-benchmark1-2020.pdf

GO vs Node.js benchmarks 2



Key Concepts




Potential Value Opportunities



Potential Challenges



Go lang crypto package not FIPS 140-2 certified for Government work


Details on GO crypto FIPS compliance issues here



Hi Dave



2> Use of Go lang crypto libraries not validated by NIST

I see that Fabric is or will be relying on the Go crypto package. Turns out the Go crypto package is not FIPS 140.2 certified. As a result, Fabric can't ( in theory ) be used for any Federal or Canadian government solutions.

This study identified the issue on Fabric crypto libraries

Blockchain Compliance with Federal Cryptographic Information Processing Standards by James P. Howard, II, Maria E. Vachino :: SSRN

Blockchain Compliance with Federal Cryptographic Information Processing ...
Under current Federal Information Security Management Act of 2002 (FISMA) requirements, all new Federal informat...


The package Go crypto is "derived" from was validated:
2017 version of BoringCrypto
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2964

I followed up with the Go security team and they provided this detail below - so far no commitment to have their crypto libraries validated.

Here's their only info on the crypto package
From Filippo Valsorda at Google, if anyone else is interested:
" Go 1.14 and earlier ship a module built according to the instructions in certificate 2964, which maps to BoringSSL tag fips-20170615. https://github.com/golang/go/blob/dev.boringcrypto.go1.14/src/crypto/internal/boring/build/build.sh Go 1.15 and later will hopefully ship a module built according to the instructions in certificate 3318, which maps to BoringSSL tag fips-20180730. https://github.com/golang/go/commit/6c64b188a53afec79563cf4ad3c5bc373036d3ae"

FIPS 140.2 requirements for crypto modules
https://csrc.nist.gov/projects/cryptographic-module-validation-program
Use of Unvalidated Cryptographic Modules by Federal Agencies and Departments

FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems. Unvalidated cryptography is viewed by NIST as providing no protection to the information or data—in effect the data would be considered unprotected plaintext. If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated.

Many companies who would use Fabric on public projects are impacted by this regulation and the Go crypto module certification status.

Your thoughts on both are appreciated,

Thanks !

Jim Mason




Candidate Solutions



Step-by-step guide for Example








sample code block

sample code block



Recommended Next Steps



  • No labels