Signing off Ignite for export beyond the U.S.

Signing off Ignite for export beyond the U.S.

dmagda
Igniters,

Regardless of the fact that Ignite is an open source software, ASF as an
entity based in the U.S. has to comply with certain exporting regulations
[1].

Dmitry Pavlov and I are working on adding Ignite to the table [2] of
projects allowed for export and might need the assistance of some of you.

Here is a list of cryptographic functions used by Ignite (and provided by a
3rd party vendor):

   1. JDK SSL/TLS libraries if a user wishes to enable secured connectivity
   between cluster nodes. Manufacturer - Oracle/OpenJDK (
   https://apacheignite.readme.io/docs/ssltls)
   2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
   transparent data encryption of data on disk (
   https://apacheignite.readme.io/docs/transparent-data-encryption)
   3. Libraries/vendors for .NET nodes security? *Pavel Tupitsyn*, could
   you check?
   4. Libraries/vendors for C++ clients security (SSL, TLS, anything
   else?). *Igor Sapego*, could you please check?
   5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin client
   contributors*, please facilitate.
   6. Anything else missing from the list? We don't have any custom crypto
   features, right?

All of these usages/integrations have to comply with the following
checklist [3] before I, as a PMC Chair, submit a notice to Export
Administration Regulations of the U.S.A.

[1] http://www.apache.org/licenses/exports/
[2] http://www.apache.org/licenses/exports/#matrix
[3] https://www.apache.org/dev/crypto.html#classify


-
Denis

Re: Signing off Ignite for export beyond the U.S.

Alexey Kosenchuk
Hi Denis,

Info about Python, PHP, Node.JS thin clients:

The clients themselves do not contain any cryptographic code but use the
features provided by the underlying platforms.

Python client uses Python's SSL lib [1] which is a wrapper over OpenSSL [2].
Python 2.7 and Python 3.4 require OpenSSL 1.0, Python 3.5 and higher
require OpenSSL 1.1.

NodeJS client uses NodeJS's tls module [3] which is a wrapper over
OpenSSL [2].
NodeJS 8.x requires OpenSSL 1.0, NodeJS 10.x and higher require OpenSSL 1.1.

PHP client uses PHP OpenSSL extension [4].
PHP 7.2 and higher require OpenSSL 1.0.

[1] https://docs.python.org/3/library/ssl.html
[2] https://www.openssl.org/
[3] https://nodejs.org/api/tls.html
[4] https://www.php.net/manual/en/book.openssl.php

Regards,
-Alexey

> Igniters,
>
> Regardless of the fact that Ignite is an open source software, ASF as an
> entity based in the U.S. has to comply with certain exporting
> regulations [1].
>
> Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> projects allowed for export and might need the assistance of some of you.
>
> Here is a list of cryptographic functions used by Ignite (and provided
> by a 3rd party vendor):
>
>  1. JDK SSL/TLS libraries if a user wishes to enable secured
>     connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK
>     (https://apacheignite.readme.io/docs/ssltls)
>  2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
>     transparent data encryption of data on disk
>     (https://apacheignite.readme.io/docs/transparent-data-encryption)
>  3. Libraries/vendors for .NET nodes security?*Pavel Tupitsyn*, could
>     you check?
>  4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>     else?). *Igor Sapego*, could you please check?
>  5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>     client contributors*, please facilitate.
>  6. Anything else missing from the list? We don't have any custom crypto
>     features, right?
>
> All of these usages/integrations have to comply with the following
> checklist [3] before I, as a PMC Chair, submit a notice to Export
> Administration Regulations of the U.S.A.
>
> [1] http://www.apache.org/licenses/exports/
> [2] http://www.apache.org/licenses/exports/#matrix
> [3] https://www.apache.org/dev/crypto.html#classify
>
>
> -
> Denis

Re: Signing off Ignite for export beyond the U.S.

Igor Sapego-2
Denis,

C++ thin client and ODBC use OpenSSL to establish a secure connection with
the cluster and do not contain any crypto algorithms in their own code.

Best Regards,
Igor


On Thu, Jun 13, 2019 at 12:56 AM Alexey Kosenchuk <
[hidden email]> wrote:

> Hi Denis,
>
> Info about Python, PHP, Node.JS thin clients:
>
> The clients themselves do not contain any cryptographic code but use the
> features provided by the underlying platforms.
>
> Python client uses Python's SSL lib [1] which is a wrapper over OpenSSL
> [2].
> Python 2.7 and Python 3.4 require OpenSSL 1.0, Python 3.5 and higher
> require OpenSSL 1.1.
>
> NodeJS client uses NodeJS's tls module [3] which is a wrapper over
> OpenSSL [2].
> NodeJS 8.x requires OpenSSL 1.0, NodeJS 10.x and higher require OpenSSL
> 1.1.
>
> PHP client uses PHP OpenSSL extension [4].
> PHP 7.2 and higher require OpenSSL 1.0.
>
> [1] https://docs.python.org/3/library/ssl.html
> [2] https://www.openssl.org/
> [3] https://nodejs.org/api/tls.html
> [4] https://www.php.net/manual/en/book.openssl.php
>
> Regards,
> -Alexey
>
> > Igniters,
> >
> > Regardless of the fact that Ignite is an open source software, ASF as an
> > entity based in the U.S. has to comply with certain exporting
> > regulations [1].
> >
> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> > projects allowed for export and might need the assistance of some of you.
> >
> > Here is a list of cryptographic functions used by Ignite (and provided
> > by a 3rd party vendor):
> >
> >  1. JDK SSL/TLS libraries if a user wishes to enable secured
> >     connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK
> >     (https://apacheignite.readme.io/docs/ssltls)
> >  2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> >     transparent data encryption of data on disk
> >     (https://apacheignite.readme.io/docs/transparent-data-encryption)
> >  3. Libraries/vendors for .NET nodes security?*Pavel Tupitsyn*, could
> >     you check?
> >  4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> >     else?). *Igor Sapego*, could you please check?
> >  5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> >     client contributors*, please facilitate.
> >  6. Anything else missing from the list? We don't have any custom crypto
> >     features, right?
> >
> > All of these usages/integrations have to comply with the following
> > checklist [3] before I, as a PMC Chair, submit a notice to Export
> > Administration Regulations of the U.S.A.
> >
> > [1] http://www.apache.org/licenses/exports/
> > [2] http://www.apache.org/licenses/exports/#matrix
> > [3] https://www.apache.org/dev/crypto.html#classify
> >
> >
> > -
> > Denis
>

Re: Signing off Ignite for export beyond the U.S.

dmagda
Alex, Igor, thanks for the details. Looks good.

*Pavel Tupitsyn, Aleksandr Shapkin,* could you please help with .NET?

-
Denis


On Thu, Jun 13, 2019 at 2:08 AM Igor Sapego <[hidden email]> wrote:

> Denis,
>
> C++ thin client and ODBC use OpenSSL to establish secure connection with
> the cluster and do not contain any crypto algorithms in their own code.
>
> Best Regards,
> Igor
>
>
> On Thu, Jun 13, 2019 at 12:56 AM Alexey Kosenchuk <
> [hidden email]> wrote:
>
>> Hi Denis,
>>
>> Info about Python, PHP, Node.JS thin clients:
>>
>> The clients themselves do not contain any cryptographic code but use the
>> features provided by the underlying platforms.
>>
>> Python client uses Python's SSL lib [1] which is a wrapper over OpenSSL
>> [2].
>> Python 2.7 and Python 3.4 require OpenSSL 1.0, Python 3.5 and higher
>> require OpenSSL 1.1.
>>
>> NodeJS client uses NodeJS's tls module [3] which is a wrapper over
>> OpenSSL [2].
>> NodeJS 8.x requires OpenSSL 1.0, NodeJS 10.x and higher require OpenSSL
>> 1.1.
>>
>> PHP client uses PHP OpenSSL extension [4].
>> PHP 7.2 and higher require OpenSSL 1.0.
>>
>> [1] https://docs.python.org/3/library/ssl.html
>> [2] https://www.openssl.org/
>> [3] https://nodejs.org/api/tls.html
>> [4] https://www.php.net/manual/en/book.openssl.php
>>
>> Regards,
>> -Alexey
>>
>> > Igniters,
>> >
>> > Regardless of the fact that Ignite is an open source software, ASF as
>> an
>> > entity based in the U.S. has to comply with certain exporting
>> > regulations [1].
>> >
>> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
>> > projects allowed for export and might need the assistance of some of
>> you.
>> >
>> > Here is a list of cryptographic functions used by Ignite (and provided
>> > by a 3rd party vendor):
>> >
>> >  1. JDK SSL/TLS libraries if a user wishes to enable secured
>> >     connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK
>> >     (https://apacheignite.readme.io/docs/ssltls)
>> >  2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
>> >     transparent data encryption of data on disk
>> >     (https://apacheignite.readme.io/docs/transparent-data-encryption)
>> >  3. Libraries/vendors for .NET nodes security?*Pavel Tupitsyn*, could
>> >     you check?
>> >  4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>> >     else?). *Igor Sapego*, could you please check?
>> >  5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>> >     client contributors*, please facilitate.
>> >  6. Anything else missing from the list? We don't have any custom crypto
>> >     features, right?
>> >
>> > All of these usages/integrations have to comply with the following
>> > checklist [3] before I, as a PMC Chair, submit a notice to Export
>> > Administration Regulations of the U.S.A.
>> >
>> > [1] http://www.apache.org/licenses/exports/
>> > [2] http://www.apache.org/licenses/exports/#matrix
>> > [3] https://www.apache.org/dev/crypto.html#classify
>> >
>> >
>> > -
>> > Denis
>>
>

Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Alexey, Igor, thank you for your replies.

I've found one more usage on the Java side:
It is Amazon AWS S3 Client-side encryption:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html

See code at:
https://github.com/apache/ignite/blob/master/modules/aws/src/main/java/org/apache/ignite/spi/discovery/tcp/ipfinder/s3/encrypt/package-info.java

It was contributed under https://issues.apache.org/jira/browse/IGNITE-7054


Sincerely,
Dmitriy Pavlov

Sat, Jun 15, 2019 at 00:57, Denis Magda <[hidden email]>:

> Alex, Igor, thanks for the details. Looks good.
>
> *Pavel Tupitsyn, Aleksandr Shapkin,* could you please help with .NET?
>
> -
> Denis
>
>
> On Thu, Jun 13, 2019 at 2:08 AM Igor Sapego <[hidden email]> wrote:
>
> > Denis,
> >
> > C++ thin client and ODBC use OpenSSL to establish secure connection with
> > the cluster and do not contain any crypto algorithms in their own code.
> >
> > Best Regards,
> > Igor
> >
> >
> > On Thu, Jun 13, 2019 at 12:56 AM Alexey Kosenchuk <
> > [hidden email]> wrote:
> >
> >> Hi Denis,
> >>
> >> Info about Python, PHP, Node.JS thin clients:
> >>
> >> The clients themselves do not contain any cryptographic code but use the
> >> features provided by the underlying platforms.
> >>
> >> Python client uses Python's SSL lib [1] which is a wrapper over OpenSSL
> >> [2].
> >> Python 2.7 and Python 3.4 require OpenSSL 1.0, Python 3.5 and higher
> >> require OpenSSL 1.1.
> >>
> >> NodeJS client uses NodeJS's tls module [3] which is a wrapper over
> >> OpenSSL [2].
> >> NodeJS 8.x requires OpenSSL 1.0, NodeJS 10.x and higher require OpenSSL
> >> 1.1.
> >>
> >> PHP client uses PHP OpenSSL extension [4].
> >> PHP 7.2 and higher require OpenSSL 1.0.
> >>
> >> [1] https://docs.python.org/3/library/ssl.html
> >> [2] https://www.openssl.org/
> >> [3] https://nodejs.org/api/tls.html
> >> [4] https://www.php.net/manual/en/book.openssl.php
> >>
> >> Regards,
> >> -Alexey
> >>
> >> > Igniters,
> >> >
> >> > Regardless of the fact that Ignite is an open source software, ASF as
> >> an
> >> > entity based in the U.S. has to comply with certain exporting
> >> > regulations [1].
> >> >
> >> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> >> > projects allowed for export and might need the assistance of some of
> >> you.
> >> >
> >> > Here is a list of cryptographic functions used by Ignite (and provided
> >> > by a 3rd party vendor):
> >> >
> >> >  1. JDK SSL/TLS libraries if a user wishes to enable secured
> >> >     connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK
> >> >     (https://apacheignite.readme.io/docs/ssltls)
> >> >  2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> >> >     transparent data encryption of data on disk
> >> >     (https://apacheignite.readme.io/docs/transparent-data-encryption)
> >> >  3. Libraries/vendors for .NET nodes security?*Pavel Tupitsyn*, could
> >> >     you check?
> >> >  4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> >> >     else?). *Igor Sapego*, could you please check?
> >> >  5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> >> >     client contributors*, please facilitate.
> >> >  6. Anything else missing from the list? We don't have any custom
> crypto
> >> >     features, right?
> >> >
> >> > All of these usages/integrations have to comply with the following
> >> > checklist [3] before I, as a PMC Chair, submit a notice to Export
> >> > Administration Regulations of the U.S.A.
> >> >
> >> > [1] http://www.apache.org/licenses/exports/
> >> > [2] http://www.apache.org/licenses/exports/#matrix
> >> > [3] https://www.apache.org/dev/crypto.html#classify
> >> >
> >> >
> >> > -
> >> > Denis
> >>
> >
>

Re: Signing off Ignite for export beyond the U.S.

Pavel Tupitsyn
In reply to this post by dmagda
Hi Denis,

Ignite.NET uses .NET Framework Standard Library for all security and
cryptographic related code. There are no dependencies on external libraries.

Thanks

Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]>:

> Igniters,
>
> Regardless of the fact that Ignite is an open source software, ASF as an
> entity based in the U.S. has to comply with certain exporting regulations
> [1].
>
> Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> projects allowed for export and might need the assistance of some of you.
>
> Here is a list of cryptographic functions used by Ignite (and provided by
> a 3rd party vendor):
>
>    1. JDK SSL/TLS libraries if a user wishes to enable secured
>    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
>    https://apacheignite.readme.io/docs/ssltls)
>    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
>    transparent data encryption of data on disk (
>    https://apacheignite.readme.io/docs/transparent-data-encryption)
>    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, could
>    you check?
>    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>    else?). *Igor Sapego*, could you please check?
>    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>    client contributors*, please facilitate.
>    6. Anything else missing from the list? We don't have any custom
>    crypto features, right?
>
> All of these usages/integrations have to comply with the following
> checklist [3] before I, as a PMC Chair, submit a notice to Export
> Administration Regulations of the U.S.A.
>
> [1] http://www.apache.org/licenses/exports/
> [2] http://www.apache.org/licenses/exports/#matrix
> [3] https://www.apache.org/dev/crypto.html#classify
>
>
> -
> Denis
>

Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Thanks, Pavel!

Denis, Pavel, Igniters, please review the following proposal:

- Python, Node JS, ODBC to be declared as OpenSSL usage.
- AWS-S3 client-side encryption to be declared as JCA/JCE usage.
- SSLContextFactory usage to be declared as JCA/JCE usage.
- TDE to be declared as JCA/JCE

Export matrix data to be published in ASF-level SVN:
<<<<<
Product Name
Apache Ignite

Versions
development
2.7 and later <Earlier versions-TBD?>

ECCN
5D002

Controlled source
ASF
title=Designed to use with built-in Java Cryptography Architecture (JCA)
href=https://gitbox.apache.org/repos/asf?p=ignite.git

Oracle
title=Designed to use with built-in Java encryption libraries (JCE)
href=https://www.oracle.com/technetwork/java/javase/downloads/index.html

The OpenSSL Project
title=Designed to use General Purpose cryptography library included with
OpenSSL
href=https://www.openssl.org/source/

Microsoft
title=Designed to use .NET Framework Cryptography Model
href=https://dotnet.microsoft.com/download
 >>>>>>

Open questions:
1) Declaring older versions of Ignite.
2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
Foundation? E.g. as follows:
(controlled by)
.NET Foundation
title=Designed to use .NET Framework Cryptography Model
href=https://dotnetfoundation.org/projects

Should it go instead of Microsoft? Should we mention .NET code in addition
to Microsoft?

Sincerely,
Dmitriy Pavlov

Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <[hidden email]>:

> Hi Denis,
>
> Ignite.NET uses .NET Framework Standard Library for all security and
> cryptographic related code. There are no dependencies on external
> libraries.
>
> Thanks
>
> Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]>:
>
> > Igniters,
> >
> > Regardless of the fact that Ignite is an open source software, ASF as an
> > entity based in the U.S. has to comply with certain exporting regulations
> > [1].
> >
> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> > projects allowed for export and might need the assistance of some of you.
> >
> > Here is a list of cryptographic functions used by Ignite (and provided by
> > a 3rd party vendor):
> >
> >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
> >    https://apacheignite.readme.io/docs/ssltls)
> >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> >    transparent data encryption of data on disk (
> >    https://apacheignite.readme.io/docs/transparent-data-encryption)
> >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, could
> >    you check?
> >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> >    else?). *Igor Sapego*, could you please check?
> >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> >    client contributors*, please facilitate.
> >    6. Anything else missing from the list? We don't have any custom
> >    crypto features, right?
> >
> > All of these usages/integrations have to comply with the following
> > checklist [3] before I, as a PMC Chair, submit a notice to Export
> > Administration Regulations of the U.S.A.
> >
> > [1] http://www.apache.org/licenses/exports/
> > [2] http://www.apache.org/licenses/exports/#matrix
> > [3] https://www.apache.org/dev/crypto.html#classify
> >
> >
> > -
> > Denis
> >
>

Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Igniters,

One more usage we need to mention in the Export matrix data:

<<< ++++
JCraft, Inc.
title=Provides encryption SSH library
href=http://www.jcraft.com/jsch/
>>> ++++

One more thing I would like to declare as an open question:

3) Is it possible to set up an HTTPS connection to the Ignite REST API?
https://apacheignite.readme.io/docs/rest-api

If it is possible, then we should add

The Eclipse Foundation
title=HTTPs support in Jetty (using SSL)
href=http://www.eclipse.org/jetty/

BTW, detailed information should be included in the CRYPTO notice file, like
the following: https://ant.apache.org/ivy/CryptoNotice.html

So please provide as much information as possible.

Sincerely,
Dmitriy Pavlov


Mon, Jun 17, 2019 at 16:35, Dmitriy Pavlov <[hidden email]>:

> Thanks, Pavel!
>
> Denis, Pavel, Igniters, please review the following proposal:
>
> - Python, Node JS, ODBC to be declared as OpenSSL usage.
> - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> - SSLContextFactory usage to be declared as JCA/JCE usage.
> - TDE to be declared as JCA/JCE
>
> Export matrix data to be published in ASF-level SVN:
> <<<<<
> Product Name
> Apache Ignite
>
> Versions
> development
> 2.7 and later <Earlier versions-TBD?>
>
> ECCN
> 5D002
>
> Controlled source
> ASF
> title=Designed to use with built-in Java Cryptography Architecture (JCA)
> href=https://gitbox.apache.org/repos/asf?p=ignite.git
>
> Oracle
> title=Designed to use with built-in Java encryption libraries (JCE)
> href=https://www.oracle.com/technetwork/java/javase/downloads/index.html
>
> The OpenSSL Project
> title=Designed to use General Purpose cryptography library included with
> OpenSSL
> href=https://www.openssl.org/source/
>
> Microsoft
> title=Designed to use .NET Framework Cryptography Model
> href=https://dotnet.microsoft.com/download
>  >>>>>>
>
> Open questions:
> 1) Declaring older versions of Ignite.
> 2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
> Foundation? E.g. as follows:
> (controlled by)
> .NET Foundation
> title=Designed to use .NET Framework Cryptography Model
> href=https://dotnetfoundation.org/projects
>
> Should it go instead of Microsoft? Should we mention .NET code in addition
> to Microsoft?
>
> Sincerely,
> Dmitriy Pavlov
>
> Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <[hidden email]>:
>
>> Hi Denis,
>>
>> Ignite.NET uses .NET Framework Standard Library for all security and
>> cryptographic related code. There are no dependencies on external
>> libraries.
>>
>> Thanks
>>
>> Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]>:
>>
>> > Igniters,
>> >
>> > Regardless of the fact that Ignite is an open source software, ASF as an
>> > entity based in the U.S. has to comply with certain exporting
>> regulations
>> > [1].
>> >
>> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
>> > projects allowed for export and might need the assistance of some of
>> you.
>> >
>> > Here is a list of cryptographic functions used by Ignite (and provided
>> by
>> > a 3rd party vendor):
>> >
>> >    1. JDK SSL/TLS libraries if a user wishes to enable secured
>> >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
>> >    https://apacheignite.readme.io/docs/ssltls)
>> >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
>> >    transparent data encryption of data on disk (
>> >    https://apacheignite.readme.io/docs/transparent-data-encryption)
>> >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, could
>> >    you check?
>> >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>> >    else?). *Igor Sapego*, could you please check?
>> >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>> >    client contributors*, please facilitate.
>> >    6. Anything else missing from the list? We don't have any custom
>> >    crypto features, right?
>> >
>> > All of these usages/integrations have to comply with the following
>> > checklist [3] before I, as a PMC Chair, submit a notice to Export
>> > Administration Regulations of the U.S.A.
>> >
>> > [1] http://www.apache.org/licenses/exports/
>> > [2] http://www.apache.org/licenses/exports/#matrix
>> > [3] https://www.apache.org/dev/crypto.html#classify
>> >
>> >
>> > -
>> > Denis
>> >
>>
>

RE: Signing off Ignite for export beyond the U.S.

Aleksandr Shapkin
In reply to this post by Dmitry Pavlov
>1) Declaring older versions of Ignite.
>2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
>Foundation? E.g. as follows:
>(controlled by)
>.NET Foundation
>title=Designed to use .NET Framework Cryptography Model
>href=https://dotnetfoundation.org/projects

>Should it go instead of Microsoft? Should we mention .NET code in addition
>to Microsoft?

Yes, I think we can do this. Ignite targets both of them. And .NET Core uses its own implementation of the standard class library [1].
Pavel may correct me.

[1] https://github.com/dotnet/corefx

From: Dmitriy Pavlov
Sent: Monday, June 17, 2019 4:35 PM
To: dev
Cc: Denis Magda; Igor Sapego; Pavel Petroshenko; Nikolay Izhikov
Subject: Re: Signing off Ignite for export beyond the U.S.

Thanks, Pavel!

Denis, Pavel, Igniters, please review the following proposal:

- Python, Node JS, ODBC to be declared as OpenSSL usage.
- AWS-S3 client-side encryption to be declared as JCA/JCE usage.
- SSLContextFactory usage to be declared as JCA/JCE usage.
- TDE to be declared as JCA/JCE

Export matrix data to be published in ASF-level SVN:
<<<<<
Product Name
Apache Ignite

Versions
development
2.7 and later <Earlier versions-TBD?>

ECCN
5D002

Controlled source
ASF
title=Designed to use with built-in Java Cryptography Architecture (JCA)
href=https://gitbox.apache.org/repos/asf?p=ignite.git

Oracle
title=Designed to use with built-in Java encryption libraries (JCE)
href=https://www.oracle.com/technetwork/java/javase/downloads/index.html

The OpenSSL Project
title=Designed to use General Purpose cryptography library included with
OpenSSL
href=https://www.openssl.org/source/

Microsoft
title=Designed to use .NET Framework Cryptography Model
href=https://dotnet.microsoft.com/download
>>>>>>

Open questions:
1) Declaring older versions of Ignite.
2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
Foundation? E.g. as follows:
(controlled by)
.NET Foundation
title=Designed to use .NET Framework Cryptography Model
href=https://dotnetfoundation.org/projects

Should it go instead of Microsoft? Should we mention .NET code in addition
to Microsoft?

Sincerely,
Dmitriy Pavlov

Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <[hidden email]>:

> Hi Denis,
>
> Ignite.NET uses .NET Framework Standard Library for all security and
> cryptographic related code. There are no dependencies on external
> libraries.
>
> Thanks
>
> Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]>:
>
> > Igniters,
> >
> > Regardless of the fact that Ignite is an open source software, ASF as an
> > entity based in the U.S. has to comply with certain exporting regulations
> > [1].
> >
> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> > projects allowed for export and might need the assistance of some of you.
> >
> > Here is a list of cryptographic functions used by Ignite (and provided by
> > a 3rd party vendor):
> >
> >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
> >    https://apacheignite.readme.io/docs/ssltls)
> >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> >    transparent data encryption of data on disk (
> >    https://apacheignite.readme.io/docs/transparent-data-encryption)
> >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, could
> >    you check?
> >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> >    else?). *Igor Sapego*, could you please check?
> >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> >    client contributors*, please facilitate.
> >    6. Anything else missing from the list? We don't have any custom
> >    crypto features, right?
> >
> > All of these usages/integrations have to comply with the following
> > checklist [3] before I, as a PMC Chair, submit a notice to Export
> > Administration Regulations of the U.S.A.
> >
> > [1] http://www.apache.org/licenses/exports/
> > [2] http://www.apache.org/licenses/exports/#matrix
> > [3] https://www.apache.org/dev/crypto.html#classify
> >
> >
> > -
> > Denis
> >
>


Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Alexander, thank you for your reply.

Let's follow the motto: "Show me the code!" Even we don't have any single
line of code here.

I've created
- issue https://issues.apache.org/jira/browse/IGNITE-11932
- a new head with draft content
https://gitbox.apache.org/repos/asf?p=ignite.git;a=shortlog;h=refs/heads/ignite-11932

- PR https://github.com/apache/ignite/pull/6616/files

For preparing an update to SVN (I don't have karma to update, so Denis I
will ask you for an update once we finalize content).

Committers are encouraged to update branch directly, everyone else can
suggest edits using GitHub.

Sincerely,
Dmitriy Pavlov

Mon, Jun 17, 2019 at 17:20, Alexandr Shapkin <[hidden email]>:

> >1) Declaring older versions of Ignite.
> >2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
> >Foundation? E.g. as follows:
> >(controlled by)
> >.NET Foundation
> >title=Designed to use .NET Framework Cryptography Model
> >href=https://dotnetfoundation.org/projects
>
> >Should it go instead of Microsoft? Should we mention .NET code in addition
> >to Microsoft?
>
> Yes, I think we can do this. Ignite targets both of them. And .NET
> Core uses its own implementation of the standard class library [1].
> Pavel may correct me.
>
> [1] https://github.com/dotnet/corefx
>
> From: Dmitriy Pavlov
> Sent: Monday, June 17, 2019 4:35 PM
> To: dev
> Cc: Denis Magda; Igor Sapego; Pavel Petroshenko; Nikolay Izhikov
> Subject: Re: Signing off Ignite for export beyond the U.S.
>
> Thanks, Pavel!
>
> Denis, Pavel, Igniters, please review the following proposal:
>
> - Python, Node JS, ODBC to be declared as OpenSSL usage.
> - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> - SSLContextFactory usage to be declared as JCA/JCE usage.
> - TDE to be declared as JCA/JCE
>
> Export matrix data to be published in ASF-level SVN:
> <<<<<
> Product Name
> Apache Ignite
>
> Versions
> development
> 2.7 and later <Earlier versions-TBD?>
>
> ECCN
> 5D002
>
> Controlled source
> ASF
> title=Designed to use with built-in Java Cryptography Architecture (JCA)
> href=https://gitbox.apache.org/repos/asf?p=ignite.git
>
> Oracle
> title=Designed to use with built-in Java encryption libraries (JCE)
> href=https://www.oracle.com/technetwork/java/javase/downloads/index.html
>
> The OpenSSL Project
> title=Designed to use General Purpose cryptography library included with
> OpenSSL
> href=https://www.openssl.org/source/
>
> Microsoft
> title=Designed to use .NET Framework Cryptography Model
> href=https://dotnet.microsoft.com/download
> >>>>>>
>
> Open questions:
> 1) Declaring older versions of Ignite.
> 2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
> Foundation? E.g. as follows:
> (controlled by)
> .NET Foundation
> title=Designed to use .NET Framework Cryptography Model
> href=https://dotnetfoundation.org/projects
>
> Should it go instead of Microsoft? Should we mention .NET code in addition
> to Microsoft?
>
> Sincerely,
> Dmitriy Pavlov
>
> Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <[hidden email]>:
>
> > Hi Denis,
> >
> > Ignite.NET uses .NET Framework Standard Library for all security and
> > cryptographic related code. There are no dependencies on external
> > libraries.
> >
> > Thanks
> >
> > Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]>:
> >
> > > Igniters,
> > >
> > > Regardless of the fact that Ignite is an open source software, ASF as
> an
> > > entity based in the U.S. has to comply with certain exporting
> regulations
> > > [1].
> > >
> > > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> > > projects allowed for export and might need the assistance of some of
> you.
> > >
> > > Here is a list of cryptographic functions used by Ignite (and provided
> by
> > > a 3rd party vendor):
> > >
> > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> > >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
> > >    https://apacheignite.readme.io/docs/ssltls)
> > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> > >    transparent data encryption of data on disk (
> > >    https://apacheignite.readme.io/docs/transparent-data-encryption)
> > >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*,
> could
> > >    you check?
> > >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> > >    else?). *Igor Sapego*, could you please check?
> > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> > >    client contributors*, please facilitate.
> > >    6. Anything else missing from the list? We don't have any custom
> > >    crypto features, right?
> > >
> > > All of these usages/integrations have to comply with the following
> > > checklist [3] before I, as a PMC Chair, submit a notice to Export
> > > Administration Regulations of the U.S.A.
> > >
> > > [1] http://www.apache.org/licenses/exports/
> > > [2] http://www.apache.org/licenses/exports/#matrix
> > > [3] https://www.apache.org/dev/crypto.html#classify
> > >
> > >
> > > -
> > > Denis
> > >
> >
>
>

Re: Signing off Ignite for export beyond the U.S.

Pavel Tupitsyn
In reply to this post by Aleksandr Shapkin
>> Should it go instead of Microsoft? Should we mention .NET code in addition
>> to Microsoft?

> Yes, I think we can do this. Ignite targets both of them. And .NET
> Core uses its own implementation of standard class library[1]

> Pavel may correct me.


We use crypto APIs from standard class library. We ship our binaries, but
we don't ship the framework binaries.

Our binaries can be executed with .NET Core (open-source, MIT license),
Mono (open-source, MIT license), and .NET Classic (old framework,
Windows-only, Microsoft license).

I'm still not sure what is the question we are trying to answer, though.


Thanks,

Pavel




Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Pavel,

we need to follow the process from
https://www.apache.org/dev/crypto.html#classify

Please see similar products in the draft export matrix,
https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7


We don't ship JDK, but we designed our product to use a cryptographic
feature from this 3rd party product, so we need to follow this process and
provide matrix update, add CRYPTO notice (I'll draft it).

Other products don't declare all possible JDKs -
http://www.apache.org/licenses/exports/#matrix So, probably, one
declaration of .NET classic (Microsoft) would be enough.

Sincerely,
Dmitriy Pavlov


Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Igniters,

please review crypto notice in
https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29

Only 2 open questions: about declaring released versions, and about
declaring .NET versions (.NET Core & .NET Classic). By default, I propose
to keep both.

Sincerely,
Dmitriy Pavlov


Re: Signing off Ignite for export beyond the U.S.

dmagda
Dmitriy,

I think that it's required to enlist all of the publicly released Ignite
versions (available for download from the website). It means that the XML
should have the following controlled sources grouped by Ignite versions'
ranges.

   - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
   - Ignite 1.5.0 and later: all of the controller versions listed by you.

Not sure about JCraft only. What was the first Ignite version the lib was
added to?

As for .NET versions declarations, I'm for the way it's handled right now by
you. Btw, do you know where ASF explains the website build process? Failed
to find it, it's not enough just to update the XML.

Finally, looping in Garrett who can help with the editorial review.
Garrett, could you please review README.txt from this pull-request?
https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29


-
Denis



Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Hi Denis,

Build process seems to be mentioned only here
https://www.apache.org/dev/crypto.html#sources It also mentions some
bisnotice XSLT transformation, which is available at SVN here
https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/

For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
is more appropriate. I will test it locally.

The only thing I've found for now is the following scripts at the root of
SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
bisnotice.cmd
bisnotice.sh

Sincerely,
Dmitriy Pavlov

Wed, Jun 19, 2019 at 01:40, Denis Magda <[hidden email]>:

> Dmitriy,
>
> I think that it's required to enlist all of the publicly released Ignite
> versions (available for download from the website). It means that the XML
> should have the following controlled sources grouped by Ignite versions'
> ranges.
>
>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
>    - Ignite 1.5.0 and later: all of the controller versions listed by you.
>
> Not sure about JCraft only. What was the first Ignite version the lib was
> added to?
>
> As for .NET versions declarations, I'm for the way it handled right now by
> you. Btw, do you know where ASF explains the website build process? Failed
> to find it, it's not enough just to update the XML.
>
> Finally, looping in Garrett who can help with the editorial review.
> Garrett, could you please review README.txt from this pull-request?
>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>
>
> -
> Denis
>
>
> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <[hidden email]> wrote:
>
> > Igniters,
> >
> > please review crypto notice in
> >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> >
> > Only 2 open questions: about declaring released versions, and about
> > declaring .NET versions (.NET Core & .NET Classic). By default, I
> propose
> > to keep both.
> >
> > Sincerely,
> > Dmitriy Pavlov
> >
> > On Mon, Jun 17, 2019 at 19:24, Dmitriy Pavlov <[hidden email]> wrote:
> >
> > > Pavel,
> > >
> > > we need to follow the process from
> > > https://www.apache.org/dev/crypto.html#classify
> > >
> > > Please see similar products in the draft export matrix,
> > >
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > >
> > >
> > > We don't ship JDK, but we designed our product to use a cryptographic
> > > feature from this 3rd party product, so we need to follow this process
> > and
> > > provide matrix update, add CRYPTO notice (I'll draft it).
> > >
> > > Other products don't declare all possible JDKs -
> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
> > > declaration of .NET classic (Microsoft) would be enough.
> > >
> > > Sincerely,
> > > Dmitriy Pavlov
> > >
> > > On Mon, Jun 17, 2019 at 19:11, Pavel Tupitsyn <[hidden email]> wrote:
> > >
> > >> >>Should it go instead of Microsoft? Should we mention .NET code in
> > >> addition
> > >>
> > >> >>to Microsoft?
> > >>
> > >>
> > >>
> > >> >Yes, I think we can do this. Ignite targets both of them. And .NET
> > >> Core uses its own implementation of standard class library[1]
> > >>
> > >> >Pavel may correct me.
> > >>
> > >>
> > >> We use crypto APIs from standard class library. We ship our binaries,
> > but
> > >> we don't ship the framework binaries.
> > >>
> > >> Our binaries can be executed with .NET Core (open-source, MIT
> license),
> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
> > >> Windows-only, Microsoft license).
> > >>
> > >> I'm still not sure what is the question we are trying to answer,
> though.
> > >>
> > >>
> > >> Thanks,
> > >>
> > >> Pavel
> > >>
> > >>
> > >>
> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <[hidden email]>
> > >> wrote:
> > >>
> > >> > >1) Declaring older versions of Ignite.
> > >> >
> > >> > >2) Is it correct to mention that Ignite uses .NET core controlled
> by
> > >> .NET
> > >> >
> > >> > >Foundation? E.g. as follows:
> > >> >
> > >> > >(controlled by)
> > >> >
> > >> > >.NET Foundation
> > >> >
> > >> > >title=Designed to use .NET Framework Cryptography Model
> > >> >
> > >> > >href=https://dotnetfoundation.org/projects
> > >> >
> > >> >
> > >> >
> > >> > >Should it go instead of Microsoft? Should we mention .NET code in
> > >> addition
> > >> >
> > >> > >to Microsoft?
> > >> >
> > >> >
> > >> >
> > >> > Yes, I think we can do this. Ignite targets both of them. And .NET
> > >> > Core uses its own implementation of standard class library[1]
> > >> >
> > >> > Pavel may correct me.
> > >> >
> > >> >
> > >> >
> > >> > [1] https://github.com/dotnet/corefx
> > >> >
> > >> >
> > >> >
> > >> > *From: *Dmitriy Pavlov <[hidden email]>
> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > >> > *To: *dev <[hidden email]>
> > >> > *Cc: *Denis Magda <[hidden email]>; Igor Sapego <
> > [hidden email]>;
> > >> Pavel
> > >> > Petroshenko <[hidden email]>; Nikolay Izhikov <[hidden email]
> >
> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> > >> >
> > >> >
> > >> >
> > >> > Thanks, Pavel!
> > >> >
> > >> >
> > >> >
> > >> > Denis, Pavel, Igniters, please review the following proposal:
> > >> >
> > >> >
> > >> >
> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> > >> >
> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> > >> >
> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> > >> >
> > >> > - TDE to be declared as JCA/JCE
> > >> >
> > >> >
> > >> >
> > >> > Export matrix data to be published in ASF-level SVN:
> > >> >
> > >> > <<<<<
> > >> >
> > >> > Product Name
> > >> >
> > >> > Apache Ignite
> > >> >
> > >> >
> > >> >
> > >> > Versions
> > >> >
> > >> > development
> > >> >
> > >> > 2.7 and later <Earlier versions-TBD?>
> > >> >
> > >> >
> > >> >
> > >> > ECCN
> > >> >
> > >> > 5D002
> > >> >
> > >> >
> > >> >
> > >> > Controlled source
> > >> >
> > >> > ASF
> > >> >
> > >> > title=Designed to use with built-in Java Cryptography Architecture
> > (JCA)
> > >> >
> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> > >> >
> > >> >
> > >> >
> > >> > Oracle
> > >> >
> > >> > title=Designed to use with built-in Java encryption libraries (JCE)
> > >> >
> > >> > href=
> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > >> >
> > >> >
> > >> >
> > >> > The OpenSSL Project
> > >> >
> > >> > title=Designed to use General Purpose cryptography library included
> > with
> > >> >
> > >> > OpenSSL
> > >> >
> > >> > href=https://www.openssl.org/source/
> > >> >
> > >> >
> > >> >
> > >> > Microsoft
> > >> >
> > >> > title=Designed to use .NET Framework Cryptography Model
> > >> >
> > >> > href=https://dotnet.microsoft.com/download
> > >> >
> > >> > >>>>>>
> > >> >
> > >> >
> > >> >
> > >> > Open questions:
> > >> >
> > >> > 1) Declaring older versions of Ignite.
> > >> >
> > >> > 2) Is it correct to mention that Ignite uses .NET core controlled by
> > >> .NET
> > >> >
> > >> > Foundation? E.g. as follows:
> > >> >
> > >> > (controlled by)
> > >> >
> > >> > .NET Foundation
> > >> >
> > >> > title=Designed to use .NET Framework Cryptography Model
> > >> >
> > >> > href=https://dotnetfoundation.org/projects
> > >> >
> > >> >
> > >> >
> > >> > Should it go instead of Microsoft? Should we mention .NET code in
> > >> addition
> > >> >
> > >> > to Microsoft?
> > >> >
> > >> >
> > >> >
> > >> > Sincerely,
> > >> >
> > >> > Dmitriy Pavlov
> > >> >
> > >> >
> > >> >
> > >> > On Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <[hidden email]> wrote:
> > >> >
> > >> >
> > >> >
> > >> > > Hi Denis,
> > >> >
> > >> > >
> > >> >
> > >> > > Ignite.NET uses .NET Framework Standard Library for all security
> and
> > >> >
> > >> > > cryptographic related code. There are no dependencies on external
> > >> >
> > >> > > libraries.
> > >> >
> > >> > >
> > >> >
> > >> > > Thanks
> > >> >
> > >> > >
> > >> >
> > >> > > On Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]> wrote:
> > >> >
> > >> > >
> > >> >
> > >> > > > Igniters,
> > >> >
> > >> > > >
> > >> >
> > >> > > > Regardless of the fact that Ignite is an open source software,
> ASF
> > >> as
> > >> > an
> > >> >
> > >> > > > entity based in the U.S. has to comply with certain exporting
> > >> > regulations
> > >> >
> > >> > > > [1].
> > >> >
> > >> > > >
> > >> >
> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the table
> [2]
> > of
> > >> >
> > >> > > > projects allowed for export and might need the assistance of
> some
> > of
> > >> > you.
> > >> >
> > >> > > >
> > >> >
> > >> > > > Here is a list of cryptographic functions used by Ignite (and
> > >> provided
> > >> > by
> > >> >
> > >> > > > a 3rd party vendor):
> > >> >
> > >> > > >
> > >> >
> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> > >> >
> > >> > > >    connectivity between cluster nodes. Manufacturer -
> > >> Oracle/OpenJDK (
> > >> >
> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > >> >
> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
> libraries
> > >> for
> > >> >
> > >> > > >    transparent data encryption of data on disk (
> > >> >
> > >> > > >
> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> > >> >
> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
> Tupitsyn*,
> > >> > could
> > >> >
> > >> > > >    you check?
> > >> >
> > >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
> > anything
> > >> >
> > >> > > >    else?). *Igor Sapego*, could you please check?
> > >> >
> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear
> > thin
> > >> >
> > >> > > >    client contributors*, please facilitate.
> > >> >
> > >> > > >    6. Anything else missing from the list? We don't have any
> > custom
> > >> >
> > >> > > >    crypto features, right?
> > >> >
> > >> > > >
> > >> >
> > >> > > > All of these usages/integrations have to comply with the
> following
> > >> >
> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
> Export
> > >> >
> > >> > > > Administration Regulations of the U.S.A.
> > >> >
> > >> > > >
> > >> >
> > >> > > > [1] http://www.apache.org/licenses/exports/
> > >> >
> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> > >> >
> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> > >> >
> > >> > > >
> > >> >
> > >> > > >
> > >> >
> > >> > > > -
> > >> >
> > >> > > > Denis
> > >> >
> > >> > > >
> > >> >
> > >> > >
> > >> >
> > >> >
> > >> >
> > >>
> > >
> >
>

Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Igniters,

as for older versions, I've started to collect information of crypto
providers usages in older versions, please help me to finalize this doc so
I could prepare a declaration of older versions.

https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing

I'm not sure if the time of Incubation counts, but, anyway, let's collect
information about the history of modules.

Sincerely,
Dmitriy Pavlov

On Wed, Jun 19, 2019 at 14:05, Dmitriy Pavlov <[hidden email]> wrote:

> Hi Denis,
>
> Build process seems to be mentioned only here
> https://www.apache.org/dev/crypto.html#sources It also mentions some
> bisnotice XSLT transformation, which is available at SVN here
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
>
> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> is more appropriate. I will test it locally.
>
> The only thing I've found for now is the following scripts at the root of
> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> bisnotice.cmd
> bisnotice.sh
>
> Sincerely,
> Dmitriy Pavlov
>
> On Wed, Jun 19, 2019 at 01:40, Denis Magda <[hidden email]> wrote:
>
>> Dmitriy,
>>
>> I think that it's required to enlist all of the publicly released Ignite
>> versions (available for download from the website). It means that the XML
>> should have the following controlled sources grouped by Ignite versions'
>> ranges.
>>
>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
>>    - Ignite 1.5.0 and later: all of the controller versions listed by you.
>>
>> Not sure about JCraft only. What was the first Ignite version the lib was
>> added to?
>>
>> As for .NET versions declarations, I'm for the way it handled right now by
>> you. Btw, do you know where ASF explains the website build process? Failed
>> to find it, it's not enough just to update the XML.
>>
>> Finally, looping in Garrett who can help with the editorial review.
>> Garrett, could you please review README.txt from this pull-request?
>>
>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>>
>>
>> -
>> Denis
>>
>>
>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <[hidden email]>
>> wrote:
>>
>> > Igniters,
>> >
>> > please review crypto notice in
>> >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>> >
>> > Only 2 open questions: about declaring released versions, and about
>> > declaring .NET versions (.NET Core & .NET Classic). By default, I
>> propose
>> > to keep both.
>> >
>> > Sincerely,
>> > Dmitriy Pavlov
>> >
>> > On Mon, Jun 17, 2019 at 19:24, Dmitriy Pavlov <[hidden email]> wrote:
>> >
>> > > Pavel,
>> > >
>> > > we need to follow the process from
>> > > https://www.apache.org/dev/crypto.html#classify
>> > >
>> > > Please see similar products in the draft export matrix,
>> > >
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
>> > >
>> > >
>> > > We don't ship JDK, but we designed our product to use a cryptographic
>> > > feature from this 3rd party product, so we need to follow this process
>> > and
>> > > provide matrix update, add CRYPTO notice (I'll draft it).
>> > >
>> > > Other products don't declare all possible JDKs -
>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
>> > > declaration of .NET classic (Microsoft) would be enough.
>> > >
>> > > Sincerely,
>> > > Dmitriy Pavlov
>> > >
>> > > On Mon, Jun 17, 2019 at 19:11, Pavel Tupitsyn <[hidden email]> wrote:
>> > >
>> > >> >>Should it go instead of Microsoft? Should we mention .NET code in
>> > >> addition
>> > >>
>> > >> >>to Microsoft?
>> > >>
>> > >>
>> > >>
>> > >> >Yes, I think we can do this. Ignite targets both of them. And .NET
>> > >> Core uses its own implementation of standard class library[1]
>> > >>
>> > >> >Pavel may correct me.
>> > >>
>> > >>
>> > >> We use crypto APIs from standard class library. We ship our binaries,
>> > but
>> > >> we don't ship the framework binaries.
>> > >>
>> > >> Our binaries can be executed with .NET Core (open-source, MIT
>> license),
>> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
>> > >> Windows-only, Microsoft license).
>> > >>
>> > >> I'm still not sure what is the question we are trying to answer,
>> though.
>> > >>
>> > >>
>> > >> Thanks,
>> > >>
>> > >> Pavel
>> > >>
>> > >>
>> > >>
>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <[hidden email]>
>> > >> wrote:
>> > >>
>> > >> > >1) Declaring older versions of Ignite.
>> > >> >
>> > >> > >2) Is it correct to mention that Ignite uses .NET core controlled
>> by
>> > >> .NET
>> > >> >
>> > >> > >Foundation? E.g. as follows:
>> > >> >
>> > >> > >(controlled by)
>> > >> >
>> > >> > >.NET Foundation
>> > >> >
>> > >> > >title=Designed to use .NET Framework Cryptography Model
>> > >> >
>> > >> > >href=https://dotnetfoundation.org/projects
>> > >> >
>> > >> >
>> > >> >
>> > >> > >Should it go instead of Microsoft? Should we mention .NET code in
>> > >> addition
>> > >> >
>> > >> > >to Microsoft?
>> > >> >
>> > >> >
>> > >> >
>> > >> > Yes, I think we can do this. Ignite targets both of them. And .NET
>> > >> > Core uses its own implementation of standard class library[1]
>> > >> >
>> > >> > Pavel may correct me.
>> > >> >
>> > >> >
>> > >> >
>> > >> > [1] https://github.com/dotnet/corefx
>> > >> >
>> > >> >
>> > >> >
>> > >> > *From: *Dmitriy Pavlov <[hidden email]>
>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
>> > >> > *To: *dev <[hidden email]>
>> > >> > *Cc: *Denis Magda <[hidden email]>; Igor Sapego <
>> > [hidden email]>;
>> > >> Pavel
>> > >> > Petroshenko <[hidden email]>; Nikolay Izhikov <
>> [hidden email]>
>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
>> > >> >
>> > >> >
>> > >> >
>> > >> > Thanks, Pavel!
>> > >> >
>> > >> >
>> > >> >
>> > >> > Denis, Pavel, Igniters, please review the following proposal:
>> > >> >
>> > >> >
>> > >> >
>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
>> > >> >
>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
>> > >> >
>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
>> > >> >
>> > >> > - TDE to be declared as JCA/JCE
>> > >> >
>> > >> >
>> > >> >
>> > >> > Export matrix data to be published in ASF-level SVN:
>> > >> >
>> > >> > <<<<<
>> > >> >
>> > >> > Product Name
>> > >> >
>> > >> > Apache Ignite
>> > >> >
>> > >> >
>> > >> >
>> > >> > Versions
>> > >> >
>> > >> > development
>> > >> >
>> > >> > 2.7 and later <Earlier versions-TBD?>
>> > >> >
>> > >> >
>> > >> >
>> > >> > ECCN
>> > >> >
>> > >> > 5D002
>> > >> >
>> > >> >
>> > >> >
>> > >> > Controlled source
>> > >> >
>> > >> > ASF
>> > >> >
>> > >> > title=Designed to use with built-in Java Cryptography Architecture
>> > (JCA)
>> > >> >
>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
>> > >> >
>> > >> >
>> > >> >
>> > >> > Oracle
>> > >> >
>> > >> > title=Designed to use with built-in Java encryption libraries (JCE)
>> > >> >
>> > >> > href=
>> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html
>> > >> >
>> > >> >
>> > >> >
>> > >> > The OpenSSL Project
>> > >> >
>> > >> > title=Designed to use General Purpose cryptography library included
>> > with
>> > >> >
>> > >> > OpenSSL
>> > >> >
>> > >> > href=https://www.openssl.org/source/
>> > >> >
>> > >> >
>> > >> >
>> > >> > Microsoft
>> > >> >
>> > >> > title=Designed to use .NET Framework Cryptography Model
>> > >> >
>> > >> > href=https://dotnet.microsoft.com/download
>> > >> >
>> > >> > >>>>>>
>> > >> >
>> > >> >
>> > >> >
>> > >> > Open questions:
>> > >> >
>> > >> > 1) Declaring older versions of Ignite.
>> > >> >
>> > >> > 2) Is it correct to mention that Ignite uses .NET core controlled
>> by
>> > >> .NET
>> > >> >
>> > >> > Foundation? E.g. as follows:
>> > >> >
>> > >> > (controlled by)
>> > >> >
>> > >> > .NET Foundation
>> > >> >
>> > >> > title=Designed to use .NET Framework Cryptography Model
>> > >> >
>> > >> > href=https://dotnetfoundation.org/projects
>> > >> >
>> > >> >
>> > >> >
>> > >> > Should it go instead of Microsoft? Should we mention .NET code in
>> > >> addition
>> > >> >
>> > >> > to Microsoft?
>> > >> >
>> > >> >
>> > >> >
>> > >> > Sincerely,
>> > >> >
>> > >> > Dmitriy Pavlov
>> > >> >
>> > >> >
>> > >> >
>> > >> > On Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <[hidden email]> wrote:
>> > >> >
>> > >> >
>> > >> >
>> > >> > > Hi Denis,
>> > >> >
>> > >> > >
>> > >> >
>> > >> > > Ignite.NET uses .NET Framework Standard Library for all security
>> and
>> > >> >
>> > >> > > cryptographic related code. There are no dependencies on external
>> > >> >
>> > >> > > libraries.
>> > >> >
>> > >> > >
>> > >> >
>> > >> > > Thanks
>> > >> >
>> > >> > >
>> > >> >
>> > >> > > On Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]> wrote:
>> > >> >
>> > >> > >
>> > >> >
>> > >> > > > Igniters,
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > Regardless of the fact that Ignite is an open source software,
>> ASF
>> > >> as
>> > >> > an
>> > >> >
>> > >> > > > entity based in the U.S. has to comply with certain exporting
>> > >> > regulations
>> > >> >
>> > >> > > > [1].
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the table
>> [2]
>> > of
>> > >> >
>> > >> > > > projects allowed for export and might need the assistance of
>> some
>> > of
>> > >> > you.
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > Here is a list of cryptographic functions used by Ignite (and
>> > >> provided
>> > >> > by
>> > >> >
>> > >> > > > a 3rd party vendor):
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
>> > >> >
>> > >> > > >    connectivity between cluster nodes. Manufacturer -
>> > >> Oracle/OpenJDK (
>> > >> >
>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
>> > >> >
>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
>> libraries
>> > >> for
>> > >> >
>> > >> > > >    transparent data encryption of data on disk (
>> > >> >
>> > >> > > >
>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
>> > >> >
>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
>> Tupitsyn*,
>> > >> > could
>> > >> >
>> > >> > > >    you check?
>> > >> >
>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
>> > anything
>> > >> >
>> > >> > > >    else?). *Igor Sapego*, could you please check?
>> > >> >
>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear
>> > thin
>> > >> >
>> > >> > > >    client contributors*, please facilitate.
>> > >> >
>> > >> > > >    6. Anything else missing from the list? We don't have any
>> > custom
>> > >> >
>> > >> > > >    crypto features, right?
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > All of these usages/integrations have to comply with the
>> following
>> > >> >
>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
>> Export
>> > >> >
>> > >> > > > Administration Regulations of the U.S.A.
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > [1] http://www.apache.org/licenses/exports/
>> > >> >
>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
>> > >> >
>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > -
>> > >> >
>> > >> > > > Denis
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > >
>> > >> >
>> > >> >
>> > >> >
>> > >>
>> > >
>> >
>>
>

Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Hi Denis,

I still have no info related to starting version of .NET encryption
support. So I supposed it was 1.5.

I've started both XSLTs and added an example of both XSLTs' output to google
doc tabs. One transformer is for email template generation (requires
project name), another is for the site table.

Only one TODO now left in the PR version of the update. All other stuff is
ready for publishing:
https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8

Sincerely,
Dmitriy Pavlov

P.S. I'm not sure that the dev list will keep formatting, but anyway here
is the transformer output example as text.

Apache Ignite Project

Product Name | Versions | ECCN | Controlled Source
Apache Ignite | development | 5D002 | ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation
Apache Ignite | 2.5.0 - latest | 5D002 | ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation
Apache Ignite | 1.5.0.final - 2.4.0 | 5D002 | ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation
Apache Ignite | 1.0.0 - 1.5.0-b1 | 5D002 | ASF, Oracle, JCraft, Inc., The Eclipse Foundation

On Wed, Jun 19, 2019 at 15:05, Dmitriy Pavlov <[hidden email]> wrote:

> Igniters,
>
> as for older versions, I've started to collect information of crypto
> providers usages in older versions, please help me to finalize this doc so
> I could prepare a declaration of older versions.
>
>
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
>
> I'm not sure if the time of Incubation counts, but, anyway, let's collect
> information about the history of modules.
>
> Sincerely,
> Dmitriy Pavlov
>
> On Wed, Jun 19, 2019 at 14:05, Dmitriy Pavlov <[hidden email]> wrote:
>
>> Hi Denis,
>>
>> Build process seems to be mentioned only here
>> https://www.apache.org/dev/crypto.html#sources It also mentions some
>> bisnotice XSLT transformation, which is available at SVN here
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
>>
>> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
>> is more appropriate. I will test it locally.
>>
>> The only thing I've found for now is the following scripts at the root of
>> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
>> bisnotice.cmd
>> bisnotice.sh
>>
>> Sincerely,
>> Dmitriy Pavlov
>>
>> On Wed, Jun 19, 2019 at 01:40, Denis Magda <[hidden email]> wrote:
>>
>>> Dmitriy,
>>>
>>> I think that it's required to enlist all of the publicly released Ignite
>>> versions (available for download from the website). It means that the XML
>>> should have the following controlled sources grouped by Ignite versions'
>>> ranges.
>>>
>>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
>>>    - Ignite 1.5.0 and later: all of the controller versions listed by
>>> you.
>>>
>>> Not sure about JCraft only. What was the first Ignite version the lib was
>>> added to?
>>>
>>> As for .NET versions declarations, I'm for the way it handled right now
>>> by
>>> you. Btw, do you know where ASF explains the website build process?
>>> Failed
>>> to find it, it's not enough just to update the XML.
>>>
>>> Finally, looping in Garrett who can help with the editorial review.
>>> Garrett, could you please review README.txt from this pull-request?
>>>
>>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>>>
>>>
>>> -
>>> Denis
>>>
>>>
>>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <[hidden email]>
>>> wrote:
>>>
>>> > Igniters,
>>> >
>>> > please review crypto notice in
>>> >
>>> >
>>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>>> >
>>> > Only 2 open questions: about declaring released versions, and about
>>> > declaring .NET versions (.NET Core & .NET Classic). By default, I
>>> propose
>>> > to keep both.
>>> >
>>> > Sincerely,
>>> > Dmitriy Pavlov
>>> >
>>> > On Mon, Jun 17, 2019 at 19:24, Dmitriy Pavlov <[hidden email]> wrote:
>>> >
>>> > > Pavel,
>>> > >
>>> > > we need to follow the process from
>>> > > https://www.apache.org/dev/crypto.html#classify
>>> > >
>>> > > Please see similar products in the draft export matrix,
>>> > >
>>> > >
>>> >
>>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
>>> > >
>>> > >
>>> > > We don't ship JDK, but we designed our product to use a cryptographic
>>> > > feature from this 3rd party product, so we need to follow this
>>> process
>>> > and
>>> > > provide matrix update, add CRYPTO notice (I'll draft it).
>>> > >
>>> > > Other products don't declare all possible JDKs -
>>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
>>> > > declaration of .NET classic (Microsoft) would be enough.
>>> > >
>>> > > Sincerely,
>>> > > Dmitriy Pavlov
>>> > >
>>> > > On Mon, Jun 17, 2019 at 19:11, Pavel Tupitsyn <[hidden email]> wrote:
>>> > >
>>> > >> >>Should it go instead of Microsoft? Should we mention .NET code in
>>> > >> addition
>>> > >>
>>> > >> >>to Microsoft?
>>> > >>
>>> > >>
>>> > >>
>>> > >> >Yes, I think we can do this. Ignite targets both of them. And .NET
>>> > >> Core uses its own implementation of standard class library[1]
>>> > >>
>>> > >> >Pavel may correct me.
>>> > >>
>>> > >>
>>> > >> We use crypto APIs from standard class library. We ship our
>>> binaries,
>>> > but
>>> > >> we don't ship the framework binaries.
>>> > >>
>>> > >> Our binaries can be executed with .NET Core (open-source, MIT
>>> license),
>>> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
>>> > >> Windows-only, Microsoft license).
>>> > >>
>>> > >> I'm still not sure what is the question we are trying to answer,
>>> though.
>>> > >>
>>> > >>
>>> > >> Thanks,
>>> > >>
>>> > >> Pavel
>>> > >>
>>> > >>
>>> > >>
>>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <[hidden email]
>>> >
>>> > >> wrote:
>>> > >>
>>> > >> > >1) Declaring older versions of Ignite.
>>> > >> >
>>> > >> > >2) Is it correct to mention that Ignite uses .NET core
>>> controlled by
>>> > >> .NET
>>> > >> >
>>> > >> > >Foundation? E.g. as follows:
>>> > >> >
>>> > >> > >(controlled by)
>>> > >> >
>>> > >> > >.NET Foundation
>>> > >> >
>>> > >> > >title=Designed to use .NET Framework Cryptography Model
>>> > >> >
>>> > >> > >href=https://dotnetfoundation.org/projects
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > >Should it go instead of Microsoft? Should we mention .NET code in
>>> > >> addition
>>> > >> >
>>> > >> > >to Microsoft?
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Yes, I think we can do this. Ignite targets both of them. And .NET
>>> > >> > Core uses its own implementation of standard class library[1]
>>> > >> >
>>> > >> > Pavel may correct me.
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > [1] https://github.com/dotnet/corefx
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > *From: *Dmitriy Pavlov <[hidden email]>
>>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
>>> > >> > *To: *dev <[hidden email]>
>>> > >> > *Cc: *Denis Magda <[hidden email]>; Igor Sapego <
>>> > [hidden email]>;
>>> > >> Pavel
>>> > >> > Petroshenko <[hidden email]>; Nikolay Izhikov <
>>> [hidden email]>
>>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Thanks, Pavel!
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Denis, Pavel, Igniters, please review the following proposal:
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
>>> > >> >
>>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
>>> > >> >
>>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
>>> > >> >
>>> > >> > - TDE to be declared as JCA/JCE
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Export matrix data to be published in ASF-level SVN:
>>> > >> >
>>> > >> > <<<<<
>>> > >> >
>>> > >> > Product Name
>>> > >> >
>>> > >> > Apache Ignite
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Versions
>>> > >> >
>>> > >> > development
>>> > >> >
>>> > >> > 2.7 and later <Earlier versions-TBD?>
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > ECCN
>>> > >> >
>>> > >> > 5D002
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Controlled source
>>> > >> >
>>> > >> > ASF
>>> > >> >
>>> > >> > title=Designed to use with built-in Java Cryptography Architecture
>>> > (JCA)
>>> > >> >
>>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Oracle
>>> > >> >
>>> > >> > title=Designed to use with built-in Java encryption libraries
>>> (JCE)
>>> > >> >
>>> > >> > href=
>>> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > The OpenSSL Project
>>> > >> >
>>> > >> > title=Designed to use General Purpose cryptography library
>>> included
>>> > with
>>> > >> >
>>> > >> > OpenSSL
>>> > >> >
>>> > >> > href=https://www.openssl.org/source/
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Microsoft
>>> > >> >
>>> > >> > title=Designed to use .NET Framework Cryptography Model
>>> > >> >
>>> > >> > href=https://dotnet.microsoft.com/download
>>> > >> >
>>> > >> > >>>>>>
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Open questions:
>>> > >> >
>>> > >> > 1) Declaring older versions of Ignite.
>>> > >> >
>>> > >> > 2) Is it correct to mention that Ignite uses .NET core controlled
>>> by
>>> > >> .NET
>>> > >> >
>>> > >> > Foundation? E.g. as follows:
>>> > >> >
>>> > >> > (controlled by)
>>> > >> >
>>> > >> > .NET Foundation
>>> > >> >
>>> > >> > title=Designed to use .NET Framework Cryptography Model
>>> > >> >
>>> > >> > href=https://dotnetfoundation.org/projects
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Should it go instead of Microsoft? Should we mention .NET code in
>>> > >> addition
>>> > >> >
>>> > >> > to Microsoft?
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Sincerely,
>>> > >> >
>>> > >> > Dmitriy Pavlov
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > On Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <[hidden email]> wrote:
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > > Hi Denis,
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
>>> security and
>>> > >> >
>>> > >> > > cryptographic related code. There are no dependencies on
>>> external
>>> > >> >
>>> > >> > > libraries.
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > Thanks
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]>:
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > > Igniters,
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > Regardless of the fact that Ignite is an open source
>>> software, ASF
>>> > >> as
>>> > >> > an
>>> > >> >
>>> > >> > > > entity based in the U.S. has to comply with certain exporting
>>> > >> > regulations
>>> > >> >
>>> > >> > > > [1].
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the table
>>> [2]
>>> > of
>>> > >> >
>>> > >> > > > projects allowed for export and might need the assistance of
>>> some
>>> > of
>>> > >> > you.
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > Here is a list of cryptographic functions used by Ignite (and
>>> > >> provided
>>> > >> > by
>>> > >> >
>>> > >> > > > a 3rd party vendor):
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
>>> > >> >
>>> > >> > > >    connectivity between cluster nodes. Manufacturer -
>>> > >> Oracle/OpenJDK (
>>> > >> >
>>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
>>> > >> >
>>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
>>> libraries
>>> > >> for
>>> > >> >
>>> > >> > > >    transparent data encryption of data on disk (
>>> > >> >
>>> > >> > > >
>>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
>>> > >> >
>>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
>>> Tupitsyn*,
>>> > >> > could
>>> > >> >
>>> > >> > > >    you check?
>>> > >> >
>>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
>>> > anything
>>> > >> >
>>> > >> > > >    else?). *Igor Sapego*, could you please check?
>>> > >> >
>>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS?
>>> *Dear
>>> > thin
>>> > >> >
>>> > >> > > >    client contributors*, please facilitate.
>>> > >> >
>>> > >> > > >    6. Anything else missing from the list? We don't have any
>>> > custom
>>> > >> >
>>> > >> > > >    crypto features, right?
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > All of these usages/integrations have to comply with the
>>> following
>>> > >> >
>>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
>>> Export
>>> > >> >
>>> > >> > > > Administration Regulations of the U.S.A.
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > [1] http://www.apache.org/licenses/exports/
>>> > >> >
>>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
>>> > >> >
>>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > -
>>> > >> >
>>> > >> > > > Denis
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >>
>>> > >
>>> >
>>>
>>

Re: Signing off Ignite for export beyond the U.S.

Denis Magda
Pavel,

> I still have no info related to starting version of .NET encryption
> support. So I supposed it was 1.5.


Could you please help with this last open item?

Dmitry, thanks for the final summary. I'll contact ASF folks trying to find
the ASF website dev instructions.


--
Denis Magda


On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <[hidden email]> wrote:

> Hi Denis,
>
> I still have no info related to starting version of .NET encryption
> support. So I supposed it was 1.5.
>
> I've started both XSLTs and added an example of both XSLTs output to google
> doc tabs. One transformer is for email template generation (requires
> project name), another is for the site table.
>
> Only one TODO now left in the PR version of the update. All other stuff is
> ready for publishing:
>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
>
> Sincerely,
> Dmitriy Pavlov
>
> P.S. I'm not sure that the dev list will keep formatting, but anyway here
> is transformer output example as text.
>
> Apache Ignite Project
> Product Name | Versions | ECCN | Controlled Source
> Apache Ignite | development | 5D002 | ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation
> | 2.5.0 - latest | 5D002 | ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation
> | 1.5.0.final - 2.4.0 | 5D002 | ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation
> | 1.0.0 - 1.5.0-b1 | 5D002 | ASF, Oracle, JCraft, Inc., The Eclipse Foundation
>
> Wed, Jun 19, 2019 at 15:05, Dmitriy Pavlov <[hidden email]>:
>
> > Igniters,
> >
> > as for older versions, I've started to collect information of crypto
> > providers usages in older versions, please help me to finalize this doc
> so
> > I could prepare a declaration of older versions.
> >
> >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> >
> > I'm not sure if the time of Incubation counts, but, anyway, let's collect
> > information about the history of modules.
> >
> > Sincerely,
> > Dmitriy Pavlov
> >
> > Wed, Jun 19, 2019 at 14:05, Dmitriy Pavlov <[hidden email]>:
> >
> >> Hi Denis,
> >>
> >> Build process seems to be mentioned only here
> >> https://www.apache.org/dev/crypto.html#sources It also mentions some
> >> bisnotice XSLT transformation, which is available at SVN here
> >>
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> >>
> >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> >>
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> >> is more appropriate. I will test it locally.
> >>
> >> The only thing I've found for now is the following scripts at the root
> of
> >> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> >> bisnotice.cmd
> >> bisnotice.sh
> >>
> >> Sincerely,
> >> Dmitriy Pavlov
> >>
> >> Wed, Jun 19, 2019 at 01:40, Denis Magda <[hidden email]>:
> >>
> >>> Dmitriy,
> >>>
> >>> I think that it's required to enlist all of the publicly released
> Ignite
> >>> versions (available for download from the website). It means that the
> XML
> >>> should have the following controlled sources grouped by Ignite
> versions'
> >>> ranges.
> >>>
> >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
> Foundation
> >>>    - Ignite 1.5.0 and later: all of the controller versions listed by
> >>> you.
> >>>
> >>> Not sure about JCraft only. What was the first Ignite version the lib
> was
> >>> added to?
> >>>
> >>> As for .NET versions declarations, I'm for the way it's handled right now
> >>> by
> >>> you. Btw, do you know where ASF explains the website build process?
> >>> Failed
> >>> to find it, it's not enough just to update the XML.
> >>>
> >>> Finally, looping in Garrett who can help with the editorial review.
> >>> Garrett, could you please review README.txt from this pull-request?
> >>>
> >>>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> >>>
> >>>
> >>> -
> >>> Denis
> >>>
> >>>
> >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <[hidden email]>
> >>> wrote:
> >>>
> >>> > Igniters,
> >>> >
> >>> > please review crypto notice in
> >>> >
> >>> >
> >>>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> >>> >
> >>> > Only 2 open questions: about declaring released versions, and about
> >>> > declaring .NET versions (.NET Core & .NET Classic). By default, I
> >>> propose
> >>> > to keep both.
> >>> >
> >>> > Sincerely,
> >>> > Dmitriy Pavlov
> >>> >
> >>> > Mon, Jun 17, 2019 at 19:24, Dmitriy Pavlov <[hidden email]>:
> >>> >
> >>> > > Pavel,
> >>> > >
> >>> > > we need to follow the process from
> >>> > > https://www.apache.org/dev/crypto.html#classify
> >>> > >
> >>> > > Please see similar products in the draft export matrix,
> >>> > >
> >>> > >
> >>> >
> >>>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> >>> > >
> >>> > >
> >>> > > We don't ship JDK, but we designed our product to use a
> cryptographic
> >>> > > feature from this 3rd party product, so we need to follow this
> >>> process
> >>> > and
> >>> > > provide matrix update, add CRYPTO notice (I'll draft it).
> >>> > >
> >>> > > Other products don't declare all possible JDKs -
> >>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
> >>> > > declaration of .NET classic (Microsoft) would be enough.
> >>> > >
> >>> > > Sincerely,
> >>> > > Dmitriy Pavlov
> >>> > >
> >>> > > Mon, Jun 17, 2019 at 19:11, Pavel Tupitsyn <[hidden email]>:
> >>> > >
> >>> > >> >>Should it go instead of Microsoft? Should we mention .NET code
> in
> >>> > >> addition
> >>> > >>
> >>> > >> >>to Microsoft?
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >> >Yes, I think we can do this. Ignite targets both of them. And
> >>> .NET
> >>> > >> Core uses its own implementation of standard class library[1]
> >>> > >>
> >>> > >> >Pavel may correct me.
> >>> > >>
> >>> > >>
> >>> > >> We use crypto APIs from standard class library. We ship our
> >>> binaries,
> >>> > but
> >>> > >> we don't ship the framework binaries.
> >>> > >>
> >>> > >> Our binaries can be executed with .NET Core (open-source, MIT
> >>> license),
> >>> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
> >>> > >> Windows-only, Microsoft license).
> >>> > >>
> >>> > >> I'm still not sure what is the question we are trying to answer,
> >>> though.
> >>> > >>
> >>> > >>
> >>> > >> Thanks,
> >>> > >>
> >>> > >> Pavel
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
> [hidden email]
> >>> >
> >>> > >> wrote:
> >>> > >>
> >>> > >> > >1) Declaring older versions of Ignite.
> >>> > >> >
> >>> > >> > >2) Is it correct to mention that Ignite uses .NET core
> >>> controlled by
> >>> > >> .NET
> >>> > >> >
> >>> > >> > >Foundation? E.g. as follows:
> >>> > >> >
> >>> > >> > >(controlled by)
> >>> > >> >
> >>> > >> > >.NET Foundation
> >>> > >> >
> >>> > >> > >title=Designed to use .NET Framework Cryptography Model
> >>> > >> >
> >>> > >> > >href=https://dotnetfoundation.org/projects
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > >Should it go instead of Microsoft? Should we mention .NET code
> in
> >>> > >> addition
> >>> > >> >
> >>> > >> > >to Microsoft?
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Yes, I think we can do this. Ignite targets both of them.
> And
> >>> .NET
> >>> > >> > Core uses its own implementation of standard class library[1]
> >>> > >> >
> >>> > >> > Pavel may correct me.
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > [1] https://github.com/dotnet/corefx
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > *From: *Dmitriy Pavlov <[hidden email]>
> >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> >>> > >> > *To: *dev <[hidden email]>
> >>> > >> > *Cc: *Denis Magda <[hidden email]>; Igor Sapego <
> >>> > [hidden email]>;
> >>> > >> Pavel
> >>> > >> > Petroshenko <[hidden email]>; Nikolay Izhikov <
> >>> [hidden email]>
> >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Thanks, Pavel!
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Denis, Pavel, Igniters, please review the following proposal:
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> >>> > >> >
> >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> >>> > >> >
> >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> >>> > >> >
> >>> > >> > - TDE to be declared as JCA/JCE
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Export matrix data to be published in ASF-level SVN:
> >>> > >> >
> >>> > >> > <<<<<
> >>> > >> >
> >>> > >> > Product Name
> >>> > >> >
> >>> > >> > Apache Ignite
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Versions
> >>> > >> >
> >>> > >> > development
> >>> > >> >
> >>> > >> > 2.7 and later <Earlier versions-TBD?>
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > ECCN
> >>> > >> >
> >>> > >> > 5D002
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Controlled source
> >>> > >> >
> >>> > >> > ASF
> >>> > >> >
> >>> > >> > title=Designed to use with built-in Java Cryptography
> Architecture
> >>> > (JCA)
> >>> > >> >
> >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Oracle
> >>> > >> >
> >>> > >> > title=Designed to use with built-in Java encryption libraries
> >>> (JCE)
> >>> > >> >
> >>> > >> > href=
> >>> > >>
> https://www.oracle.com/technetwork/java/javase/downloads/index.html
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > The OpenSSL Project
> >>> > >> >
> >>> > >> > title=Designed to use General Purpose cryptography library
> >>> included
> >>> > with
> >>> > >> >
> >>> > >> > OpenSSL
> >>> > >> >
> >>> > >> > href=https://www.openssl.org/source/
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Microsoft
> >>> > >> >
> >>> > >> > title=Designed to use .NET Framework Cryptography Model
> >>> > >> >
> >>> > >> > href=https://dotnet.microsoft.com/download
> >>> > >> >
> >>> > >> > >>>>>>
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Open questions:
> >>> > >> >
> >>> > >> > 1) Declaring older versions of Ignite.
> >>> > >> >
> >>> > >> > 2) Is it correct to mention that Ignite uses .NET core
> controlled
> >>> by
> >>> > >> .NET
> >>> > >> >
> >>> > >> > Foundation? E.g. as follows:
> >>> > >> >
> >>> > >> > (controlled by)
> >>> > >> >
> >>> > >> > .NET Foundation
> >>> > >> >
> >>> > >> > title=Designed to use .NET Framework Cryptography Model
> >>> > >> >
> >>> > >> > href=https://dotnetfoundation.org/projects
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Should it go instead of Microsoft? Should we mention .NET code
> in
> >>> > >> addition
> >>> > >> >
> >>> > >> > to Microsoft?
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Sincerely,
> >>> > >> >
> >>> > >> > Dmitriy Pavlov
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <[hidden email]>:
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > > Hi Denis,
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
> >>> security and
> >>> > >> >
> >>> > >> > > cryptographic related code. There are no dependencies on
> >>> external
> >>> > >> >
> >>> > >> > > libraries.
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> > > Thanks
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> > > Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]>:
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> > > > Igniters,
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > Regardless of the fact that Ignite is an open source
> >>> software, ASF
> >>> > >> as
> >>> > >> > an
> >>> > >> >
> >>> > >> > > > entity based in the U.S. has to comply with certain
> exporting
> >>> > >> > regulations
> >>> > >> >
> >>> > >> > > > [1].
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the
> table
> >>> [2]
> >>> > of
> >>> > >> >
> >>> > >> > > > projects allowed for export and might need the assistance of
> >>> some
> >>> > of
> >>> > >> > you.
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > Here is a list of cryptographic functions used by Ignite
> (and
> >>> > >> provided
> >>> > >> > by
> >>> > >> >
> >>> > >> > > > a 3rd party vendor):
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable
> secured
> >>> > >> >
> >>> > >> > > >    connectivity between cluster nodes. Manufacturer -
> >>> > >> Oracle/OpenJDK (
> >>> > >> >
> >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> >>> > >> >
> >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
> >>> libraries
> >>> > >> for
> >>> > >> >
> >>> > >> > > >    transparent data encryption of data on disk (
> >>> > >> >
> >>> > >> > > >
> >>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> >>> > >> >
> >>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
> >>> Tupitsyn*,
> >>> > >> > could
> >>> > >> >
> >>> > >> > > >    you check?
> >>> > >> >
> >>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
> >>> > anything
> >>> > >> >
> >>> > >> > > >    else?). *Igor Sapego*, could you please check?
> >>> > >> >
> >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS?
> >>> *Dear
> >>> > thin
> >>> > >> >
> >>> > >> > > >    client contributors*, please facilitate.
> >>> > >> >
> >>> > >> > > >    6. Anything else missing from the list? We don't have any
> >>> > custom
> >>> > >> >
> >>> > >> > > >    crypto features, right?
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > All of these usages/integrations have to comply with the
> >>> following
> >>> > >> >
> >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
> >>> Export
> >>> > >> >
> >>> > >> > > > Administration Regulations of the U.S.A.
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> >>> > >> >
> >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> >>> > >> >
> >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > -
> >>> > >> >
> >>> > >> > > > Denis
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >>
> >>> > >
> >>> >
> >>>
> >>
>

Re: Signing off Ignite for export beyond the U.S.

Dmitry Pavlov
Pavel replied to me in private: encryption is available since 2.4 for .Net
thin client.

I've also modified source XML
https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8


Thu, Jun 20, 2019 at 00:10, Denis Magda <[hidden email]>:

> Pavel,
>
> > I still have no info related to starting version of .NET encryption
> > support. So I supposed it was 1.5.
>
>
> Could you please help with this last open item?
>
> Dmitry, thanks for the final summary. I'll contact ASF folks trying to find
> the ASF website dev instructions.
>
>
> --
> Denis Magda
>
>
> On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <[hidden email]>
> wrote:
>
> > Hi Denis,
> >
> > I still have no info related to starting version of .NET encryption
> > support. So I supposed it was 1.5.
> >
> > I've started both XSLTs and added an example of both XSLTs output to
> google
> > doc tabs. One transformer is for email template generation (requires
> > project name), another is for the site table.
> >
> > Only one TODO now left in the PR version of the update. All other stuff
> is
> > ready for publishing:
> >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> >
> > Sincerely,
> > Dmitriy Pavlov
> >
> > P.S. I'm not sure that the dev list will keep formatting, but anyway
> here
> > is transformer output example as text.
> >
> > Apache Ignite Project
> > Product Name | Versions | ECCN | Controlled Source
> > Apache Ignite | development | 5D002 | ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation
> > | 2.5.0 - latest | 5D002 | ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation
> > | 1.5.0.final - 2.4.0 | 5D002 | ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation
> > | 1.0.0 - 1.5.0-b1 | 5D002 | ASF, Oracle, JCraft, Inc., The Eclipse Foundation
> >
> > Wed, Jun 19, 2019 at 15:05, Dmitriy Pavlov <[hidden email]>:
> >
> > > Igniters,
> > >
> > > as for older versions, I've started to collect information of crypto
> > > providers usages in older versions, please help me to finalize this doc
> > so
> > > I could prepare a declaration of older versions.
> > >
> > >
> > >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> > >
> > > I'm not sure if the time of Incubation counts, but, anyway, let's
> collect
> > > information about the history of modules.
> > >
> > > Sincerely,
> > > Dmitriy Pavlov
> > >
> > > Wed, Jun 19, 2019 at 14:05, Dmitriy Pavlov <[hidden email]>:
> > >
> > >> Hi Denis,
> > >>
> > >> Build process seems to be mentioned only here
> > >> https://www.apache.org/dev/crypto.html#sources It also mentions some
> > >> bisnotice XSLT transformation, which is available at SVN here
> > >>
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> > >>
> > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> > >>
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> > >> is more appropriate. I will test it locally.
> > >>
> > >> The only thing I've found for now is the following scripts at the root
> > of
> > >> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> > >> bisnotice.cmd
> > >> bisnotice.sh
> > >>
> > >> Sincerely,
> > >> Dmitriy Pavlov
> > >>
> > >> Wed, Jun 19, 2019 at 01:40, Denis Magda <[hidden email]>:
> > >>
> > >>> Dmitriy,
> > >>>
> > >>> I think that it's required to enlist all of the publicly released
> > Ignite
> > >>> versions (available for download from the website). It means that the
> > XML
> > >>> should have the following controlled sources grouped by Ignite
> > versions'
> > >>> ranges.
> > >>>
> > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
> > Foundation
> > >>>    - Ignite 1.5.0 and later: all of the controller versions listed by
> > >>> you.
> > >>>
> > >>> Not sure about JCraft only. What was the first Ignite version the lib
> > was
> > >>> added to?
> > >>>
> > >>> As for .NET versions declarations, I'm for the way it's handled right
> now
> > >>> by
> > >>> you. Btw, do you know where ASF explains the website build process?
> > >>> Failed
> > >>> to find it, it's not enough just to update the XML.
> > >>>
> > >>> Finally, looping in Garrett who can help with the editorial review.
> > >>> Garrett, could you please review README.txt from this pull-request?
> > >>>
> > >>>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > >>>
> > >>>
> > >>> -
> > >>> Denis
> > >>>
> > >>>
> > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <[hidden email]>
> > >>> wrote:
> > >>>
> > >>> > Igniters,
> > >>> >
> > >>> > please review crypto notice in
> > >>> >
> > >>> >
> > >>>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > >>> >
> > >>> > Only 2 open questions: about declaring released versions, and about
> > >>> > declaring .NET versions (.NET Core & .NET Classic). By default, I
> > >>> propose
> > >>> > to keep both.
> > >>> >
> > >>> > Sincerely,
> > >>> > Dmitriy Pavlov
> > >>> >
> > >>> > Mon, Jun 17, 2019 at 19:24, Dmitriy Pavlov <[hidden email]>:
> > >>> >
> > >>> > > Pavel,
> > >>> > >
> > >>> > > we need to follow the process from
> > >>> > > https://www.apache.org/dev/crypto.html#classify
> > >>> > >
> > >>> > > Please see similar products in the draft export matrix,
> > >>> > >
> > >>> > >
> > >>> >
> > >>>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > >>> > >
> > >>> > >
> > >>> > > We don't ship JDK, but we designed our product to use a
> > cryptographic
> > >>> > > feature from this 3rd party product, so we need to follow this
> > >>> process
> > >>> > and
> > >>> > > provide matrix update, add CRYPTO notice (I'll draft it).
> > >>> > >
> > >>> > > Other products don't declare all possible JDKs -
> > >>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
> > >>> > > declaration of .NET classic (Microsoft) would be enough.
> > >>> > >
> > >>> > > Sincerely,
> > >>> > > Dmitriy Pavlov
> > >>> > >
> > >>> > > Mon, Jun 17, 2019 at 19:11, Pavel Tupitsyn <[hidden email]>:
> > >>> > >
> > >>> > >> >>Should it go instead of Microsoft? Should we mention .NET code
> > in
> > >>> > >> addition
> > >>> > >>
> > >>> > >> >>to Microsoft?
> > >>> > >>
> > >>> > >>
> > >>> > >>
> > >>> > >> >Yes, I think we can do this. Ignite targets both of them.
> And
> > >>> .NET
> > >>> > >> Core uses its own implementation of standard class library[1]
> > >>> > >>
> > >>> > >> >Pavel may correct me.
> > >>> > >>
> > >>> > >>
> > >>> > >> We use crypto APIs from standard class library. We ship our
> > >>> binaries,
> > >>> > but
> > >>> > >> we don't ship the framework binaries.
> > >>> > >>
> > >>> > >> Our binaries can be executed with .NET Core (open-source, MIT
> > >>> license),
> > >>> > >> Mono (open-source, MIT license), and .NET Classic (old
> framework,
> > >>> > >> Windows-only, Microsoft license).
> > >>> > >>
> > >>> > >> I'm still not sure what is the question we are trying to answer,
> > >>> though.
> > >>> > >>
> > >>> > >>
> > >>> > >> Thanks,
> > >>> > >>
> > >>> > >> Pavel
> > >>> > >>
> > >>> > >>
> > >>> > >>
> > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
> > [hidden email]
> > >>> >
> > >>> > >> wrote:
> > >>> > >>
> > >>> > >> > >1) Declaring older versions of Ignite.
> > >>> > >> >
> > >>> > >> > >2) Is it correct to mention that Ignite uses .NET core
> > >>> controlled by
> > >>> > >> .NET
> > >>> > >> >
> > >>> > >> > >Foundation? E.g. as follows:
> > >>> > >> >
> > >>> > >> > >(controlled by)
> > >>> > >> >
> > >>> > >> > >.NET Foundation
> > >>> > >> >
> > >>> > >> > >title=Designed to use .NET Framework Cryptography Model
> > >>> > >> >
> > >>> > >> > >href=https://dotnetfoundation.org/projects
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > >Should it go instead of Microsoft? Should we mention .NET
> code
> > in
> > >>> > >> addition
> > >>> > >> >
> > >>> > >> > >to Microsoft?
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Yes, I think we can do this. Ignite targets both of them.
> > And
> > >>> .NET
> > >>> > >> > Core uses its own implementation of standard class library[1]
> > >>> > >> >
> > >>> > >> > Pavel may correct me.
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > [1] https://github.com/dotnet/corefx
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > *From: *Dmitriy Pavlov <[hidden email]>
> > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > >>> > >> > *To: *dev <[hidden email]>
> > >>> > >> > *Cc: *Denis Magda <[hidden email]>; Igor Sapego <
> > >>> > [hidden email]>;
> > >>> > >> Pavel
> > >>> > >> > Petroshenko <[hidden email]>; Nikolay Izhikov <
> > >>> [hidden email]>
> > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Thanks, Pavel!
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Denis, Pavel, Igniters, please review the following proposal:
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> > >>> > >> >
> > >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE
> usage.
> > >>> > >> >
> > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> > >>> > >> >
> > >>> > >> > - TDE to be declared as JCA/JCE
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Export matrix data to be published in ASF-level SVN:
> > >>> > >> >
> > >>> > >> > <<<<<
> > >>> > >> >
> > >>> > >> > Product Name
> > >>> > >> >
> > >>> > >> > Apache Ignite
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Versions
> > >>> > >> >
> > >>> > >> > development
> > >>> > >> >
> > >>> > >> > 2.7 and later <Earlier versions-TBD?>
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > ECCN
> > >>> > >> >
> > >>> > >> > 5D002
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Controlled source
> > >>> > >> >
> > >>> > >> > ASF
> > >>> > >> >
> > >>> > >> > title=Designed to use with built-in Java Cryptography
> > Architecture
> > >>> > (JCA)
> > >>> > >> >
> > >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Oracle
> > >>> > >> >
> > >>> > >> > title=Designed to use with built-in Java encryption libraries
> > >>> (JCE)
> > >>> > >> >
> > >>> > >> > href=
> > >>> > >>
> > https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > The OpenSSL Project
> > >>> > >> >
> > >>> > >> > title=Designed to use General Purpose cryptography library
> > >>> included
> > >>> > with
> > >>> > >> >
> > >>> > >> > OpenSSL
> > >>> > >> >
> > >>> > >> > href=https://www.openssl.org/source/
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Microsoft
> > >>> > >> >
> > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > >>> > >> >
> > >>> > >> > href=https://dotnet.microsoft.com/download
> > >>> > >> >
> > >>> > >> > >>>>>>
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Open questions:
> > >>> > >> >
> > >>> > >> > 1) Declaring older versions of Ignite.
> > >>> > >> >
> > >>> > >> > 2) Is it correct to mention that Ignite uses .NET core
> > controlled
> > >>> by
> > >>> > >> .NET
> > >>> > >> >
> > >>> > >> > Foundation? E.g. as follows:
> > >>> > >> >
> > >>> > >> > (controlled by)
> > >>> > >> >
> > >>> > >> > .NET Foundation
> > >>> > >> >
> > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > >>> > >> >
> > >>> > >> > href=https://dotnetfoundation.org/projects
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Should it go instead of Microsoft? Should we mention .NET code
> > in
> > >>> > >> addition
> > >>> > >> >
> > >>> > >> > to Microsoft?
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Sincerely,
> > >>> > >> >
> > >>> > >> > Dmitriy Pavlov
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <[hidden email]>:
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > > Hi Denis,
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
> > >>> security and
> > >>> > >> >
> > >>> > >> > > cryptographic related code. There are no dependencies on
> > >>> external
> > >>> > >> >
> > >>> > >> > > libraries.
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> > > Thanks
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> > > Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]>:
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> > > > Igniters,
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > Regardless of the fact that Ignite is an open source
> > >>> software, ASF
> > >>> > >> as
> > >>> > >> > an
> > >>> > >> >
> > >>> > >> > > > entity based in the U.S. has to comply with certain
> > exporting
> > >>> > >> > regulations
> > >>> > >> >
> > >>> > >> > > > [1].
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the
> > table
> > >>> [2]
> > >>> > of
> > >>> > >> >
> > >>> > >> > > > projects allowed for export and might need the assistance
> of
> > >>> some
> > >>> > of
> > >>> > >> > you.
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > Here is a list of cryptographic functions used by Ignite
> > (and
> > >>> > >> provided
> > >>> > >> > by
> > >>> > >> >
> > >>> > >> > > > a 3rd party vendor):
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable
> > secured
> > >>> > >> >
> > >>> > >> > > >    connectivity between cluster nodes. Manufacturer -
> > >>> > >> Oracle/OpenJDK (
> > >>> > >> >
> > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > >>> > >> >
> > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
> > >>> libraries
> > >>> > >> for
> > >>> > >> >
> > >>> > >> > > >    transparent data encryption of data on disk (
> > >>> > >> >
> > >>> > >> > > >
> > >>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> > >>> > >> >
> > >>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
> > >>> Tupitsyn*,
> > >>> > >> > could
> > >>> > >> >
> > >>> > >> > > >    you check?
> > >>> > >> >
> > >>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL,
> TLS,
> > >>> > anything
> > >>> > >> >
> > >>> > >> > > >    else?). *Igor Sapego*, could you please check?
> > >>> > >> >
> > >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS?
> > >>> *Dear
> > >>> > thin
> > >>> > >> >
> > >>> > >> > > >    client contributors*, please facilitate.
> > >>> > >> >
> > >>> > >> > > >    6. Anything else missing from the list? We don't have
> any
> > >>> > custom
> > >>> > >> >
> > >>> > >> > > >    crypto features, right?
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > All of these usages/integrations have to comply with the
> > >>> following
> > >>> > >> >
> > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
> > >>> Export
> > >>> > >> >
> > >>> > >> > > > Administration Regulations of the U.S.A.
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> > >>> > >> >
> > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> > >>> > >> >
> > >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > -
> > >>> > >> >
> > >>> > >> > > > Denis
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >>
> > >>> > >
> > >>> >
> > >>>
> > >>
> >
>

Re: Signing off Ignite for export beyond the U.S.

dmagda
Dmitry,

I've updated the ASF website by including Ignite in the exports matrix [1].
Plus, notified the controlling U.S. entities on the matter.

Could you please do one more favor and help to close these two items
(flying on a plane and a poor Internet connection makes it impossible to
check them off on my end)?

   - Update README.txt in Ignite master with the content prepared earlier
   by you
   - Copy content of this doc [2] to Ignite Wiki

[1] http://www.apache.org/licenses/exports/
[2] https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing

-
Denis


On Wed, Jun 19, 2019 at 2:47 PM Dmitriy Pavlov <[hidden email]> wrote:

> Pavel replied to me in private: encryption is available since 2.4 for .Net
> thin client.
>
> I've also modified source XML
>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
>
>
> Thu, Jun 20, 2019 at 00:10, Denis Magda <[hidden email]>:
>
> > Pavel,
> >
> > I still have no info related to starting version of .NET encryption
> > > support. So I supposed it was 1.5.
> >
> >
> > Could you please help with this last open item?
> >
> > Dmitry, thanks for the final summary. I'll contact ASF folks trying to
> find
> > the ASF website dev instructions.
> >
> >
> > --
> > Denis Magda
> >
> >
> > On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <[hidden email]>
> > wrote:
> >
> > > Hi Denis,
> > >
> > > I still have no info related to starting version of .NET encryption
> > > support. So I supposed it was 1.5.
> > >
> > > I've started both XSLTs and added an example of both XSLTs output to
> > google
> > > doc tabs. One transformer is for email template generation (requires
> > > project name), another is for the site table.
> > >
> > > Only one TODO now left in the PR version of the update. All other stuff
> > is
> > > ready for publishing:
> > >
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> > >
> > > Sincerely,
> > > Dmitriy Pavlov
> > >
> > > P.S. I'm not sure that the dev list will keep formatting, but anyway
> > here
> > > is transformer output example as text.
> > >
> > > Apache Ignite Project
> > > Product Name Versions ECCN
> > > Controlled Source
> > > Apache Ignite development 5D002
> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
> > Inc.,
> > > The Eclipse Foundation
> > > 2.5.0 - latest 5D002
> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
> > Inc.,
> > > The Eclipse Foundation
> > > 1.5.0.final - 2.4.0 5D002
> > > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
> > > Foundation
> > > 1.0.0 - 1.5.0-b1 5D002
> > > ASF, Oracle, JCraft, Inc., The Eclipse Foundation
> > >
> > > Wed, Jun 19, 2019 at 15:05, Dmitriy Pavlov <[hidden email]>:
> > >
> > > > Igniters,
> > > >
> > > > as for older versions, I've started to collect information of crypto
> > > > providers usages in older versions, please help me to finalize this
> doc
> > > so
> > > > I could prepare a declaration of older versions.
> > > >
> > > >
> > > >
> > >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> > > >
> > > > I'm not sure if the time of Incubation counts, but, anyway, let's
> > collect
> > > > information about the history of modules.
> > > >
> > > > Sincerely,
> > > > Dmitriy Pavlov
> > > >
> > > > Wed, Jun 19, 2019 at 14:05, Dmitriy Pavlov <[hidden email]>:
> > > >
> > > >> Hi Denis,
> > > >>
> > > >> Build process seems to be mentioned only here
> > > >> https://www.apache.org/dev/crypto.html#sources It also mentions
> some
> > > >> bisnotice XSLT transformation, which is available at SVN here
> > > >>
> > >
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> > > >>
> > > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> > > >>
> > >
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> > > >> is more appropriate. I will test it locally.
> > > >>
> > > >> The only thing I've found for now is the following scripts at the
> root
> > > of
> > > >> SVN here
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> > > >> bisnotice.cmd
> > > >> bisnotice.sh
> > > >>
> > > >> Sincerely,
> > > >> Dmitriy Pavlov
> > > >>
> > > >> Wed, Jun 19, 2019 at 01:40, Denis Magda <[hidden email]>:
> > > >>
> > > >>> Dmitriy,
> > > >>>
> > > >>> I think that it's required to enlist all of the publicly released
> > > Ignite
> > > >>> versions (available for download from the website). It means that
> the
> > > XML
> > > >>> should have the following controlled sources grouped by Ignite
> > > versions'
> > > >>> ranges.
> > > >>>
> > > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
> > > Foundation
> > > >>>    - Ignite 1.5.0 and later: all of the controller versions listed
> by
> > > >>> you.
> > > >>>
> > > >>> Not sure about JCraft only. What was the first Ignite version the
> lib
> > > was
> > > >>> added to?
> > > >>>
> > > >>> As for .NET versions declarations, I'm for the way it is handled right
> > now
> > > >>> by
> > > >>> you. Btw, do you know where ASF explains the website build process?
> > > >>> Failed
> > > >>> to find it, it's not enough just to update the XML.
> > > >>>
> > > >>> Finally, looping in Garrett who can help with the editorial review.
> > > >>> Garrett, could you please review README.txt from this pull-request?
> > > >>>
> > > >>>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > > >>>
> > > >>>
> > > >>> -
> > > >>> Denis
> > > >>>
> > > >>>
> > > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <[hidden email]
> >
> > > >>> wrote:
> > > >>>
> > > >>> > Igniters,
> > > >>> >
> > > >>> > please review crypto notice in
> > > >>> >
> > > >>> >
> > > >>>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > > >>> >
> > > >>> > Only 2 open questions: about declaring released versions, and
> about
> > > >>> > declaring .NET versions (.NET Core & .NET Classic). By default,
> I
> > > >>> propose
> > > >>> > to keep both.
> > > >>> >
> > > >>> > Sincerely,
> > > >>> > Dmitriy Pavlov
> > > >>> >
> > > >>> > Mon, Jun 17, 2019 at 19:24, Dmitriy Pavlov <[hidden email]
> >:
> > > >>> >
> > > >>> > > Pavel,
> > > >>> > >
> > > >>> > > we need to follow the process from
> > > >>> > > https://www.apache.org/dev/crypto.html#classify
> > > >>> > >
> > > >>> > > Please see similar products in the draft export matrix,
> > > >>> > >
> > > >>> > >
> > > >>> >
> > > >>>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > > >>> > >
> > > >>> > >
> > > >>> > > We don't ship JDK, but we designed our product to use a
> > > cryptographic
> > > >>> > > feature from this 3rd party product, so we need to follow this
> > > >>> process
> > > >>> > and
> > > >>> > > provide matrix update, add CRYPTO notice (I'll draft it).
> > > >>> > >
> > > >>> > > Other products don't declare all possible JDKs -
> > > >>> > > http://www.apache.org/licenses/exports/#matrix So, probably,
> one
> > > >>> > > declaration of .NET classic (Microsoft) would be enough.
> > > >>> > >
> > > >>> > > Sincerely,
> > > >>> > > Dmitriy Pavlov
> > > >>> > >
> > > >>> > > Mon, Jun 17, 2019 at 19:11, Pavel Tupitsyn <
> > [hidden email]
> > > >:
> > > >>> > >
> > > >>> > >> >>Should it go instead of Microsoft? Should we mention .NET
> code
> > > in
> > > >>> > >> addition
> > > >>> > >>
> > > >>> > >> >>to Microsoft?
> > > >>> > >>
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> >Yes, I think we can do this. Ignite targets both of them.
> > And
> > > >>> .NET
> > > >>> > >> Core uses its own implementation of standard class library[1]
> > > >>> > >>
> > > >>> > >> >Pavel may correct me.
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> We use crypto APIs from standard class library. We ship our
> > > >>> binaries,
> > > >>> > but
> > > >>> > >> we don't ship the framework binaries.
> > > >>> > >>
> > > >>> > >> Our binaries can be executed with .NET Core (open-source, MIT
> > > >>> license),
> > > >>> > >> Mono (open-source, MIT license), and .NET Classic (old
> > framework,
> > > >>> > >> Windows-only, Microsoft license).
> > > >>> > >>
> > > >>> > >> I'm still not sure what is the question we are trying to
> answer,
> > > >>> though.
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> Thanks,
> > > >>> > >>
> > > >>> > >> Pavel
> > > >>> > >>
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
> > > [hidden email]
> > > >>> >
> > > >>> > >> wrote:
> > > >>> > >>
> > > >>> > >> > >1) Declaring older versions of Ignite.
> > > >>> > >> >
> > > >>> > >> > >2) Is it correct to mention that Ignite uses .NET core
> > > >>> controlled by
> > > >>> > >> .NET
> > > >>> > >> >
> > > >>> > >> > >Foundation? E.g. as follows:
> > > >>> > >> >
> > > >>> > >> > >(controlled by)
> > > >>> > >> >
> > > >>> > >> > >.NET Foundation
> > > >>> > >> >
> > > >>> > >> > >title=Designed to use .NET Framework Cryptography Model
> > > >>> > >> >
> > > >>> > >> > >href=https://dotnetfoundation.org/projects
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > >Should it go instead of Microsoft? Should we mention .NET
> > code
> > > in
> > > >>> > >> addition
> > > >>> > >> >
> > > >>> > >> > >to Microsoft?
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Yes, I think we can do this. Ignite targets both of
> them.
> > > And
> > > >>> .NET
> > > >>> > >> > Core uses its own implementation of standard class
> library[1]
> > > >>> > >> >
> > > >>> > >> > Pavel may correct me.
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > [1] https://github.com/dotnet/corefx
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > *From: *Dmitriy Pavlov <[hidden email]>
> > > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > > >>> > >> > *To: *dev <[hidden email]>
> > > >>> > >> > *Cc: *Denis Magda <[hidden email]>; Igor Sapego <
> > > >>> > [hidden email]>;
> > > >>> > >> Pavel
> > > >>> > >> > Petroshenko <[hidden email]>; Nikolay Izhikov <
> > > >>> [hidden email]>
> > > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Thanks, Pavel!
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Denis, Pavel, Igniters, please review the following
> proposal:
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> > > >>> > >> >
> > > >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE
> > usage.
> > > >>> > >> >
> > > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> > > >>> > >> >
> > > >>> > >> > - TDE to be declared as JCA/JCE
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Export matrix data to be published in ASF-level SVN:
> > > >>> > >> >
> > > >>> > >> > <<<<<
> > > >>> > >> >
> > > >>> > >> > Product Name
> > > >>> > >> >
> > > >>> > >> > Apache Ignite
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Versions
> > > >>> > >> >
> > > >>> > >> > development
> > > >>> > >> >
> > > >>> > >> > 2.7 and later <Earlier versions-TBD?>
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > ECCN
> > > >>> > >> >
> > > >>> > >> > 5D002
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Controlled source
> > > >>> > >> >
> > > >>> > >> > ASF
> > > >>> > >> >
> > > >>> > >> > title=Designed to use with built-in Java Cryptography
> > > Architecture
> > > >>> > (JCA)
> > > >>> > >> >
> > > >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Oracle
> > > >>> > >> >
> > > >>> > >> > title=Designed to use with built-in Java encryption
> libraries
> > > >>> (JCE)
> > > >>> > >> >
> > > >>> > >> > href=
> > > >>> > >>
> > > https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > The OpenSSL Project
> > > >>> > >> >
> > > >>> > >> > title=Designed to use General Purpose cryptography library
> > > >>> included
> > > >>> > with
> > > >>> > >> >
> > > >>> > >> > OpenSSL
> > > >>> > >> >
> > > >>> > >> > href=https://www.openssl.org/source/
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Microsoft
> > > >>> > >> >
> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > > >>> > >> >
> > > >>> > >> > href=https://dotnet.microsoft.com/download
> > > >>> > >> >
> > > >>> > >> > >>>>>>
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Open questions:
> > > >>> > >> >
> > > >>> > >> > 1) Declaring older versions of Ignite.
> > > >>> > >> >
> > > >>> > >> > 2) Is it correct to mention that Ignite uses .NET core
> > > controlled
> > > >>> by
> > > >>> > >> .NET
> > > >>> > >> >
> > > >>> > >> > Foundation? E.g. as follows:
> > > >>> > >> >
> > > >>> > >> > (controlled by)
> > > >>> > >> >
> > > >>> > >> > .NET Foundation
> > > >>> > >> >
> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > > >>> > >> >
> > > >>> > >> > href=https://dotnetfoundation.org/projects
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Should it go instead of Microsoft? Should we mention .NET
> code
> > > in
> > > >>> > >> addition
> > > >>> > >> >
> > > >>> > >> > to Microsoft?
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Sincerely,
> > > >>> > >> >
> > > >>> > >> > Dmitriy Pavlov
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Mon, Jun 17, 2019 at 16:07, Pavel Tupitsyn <
> > > [hidden email]
> > > >>> >:
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > > Hi Denis,
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
> > > >>> security and
> > > >>> > >> >
> > > >>> > >> > > cryptographic related code. There are no dependencies on
> > > >>> external
> > > >>> > >> >
> > > >>> > >> > > libraries.
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > Thanks
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > Wed, Jun 12, 2019, 21:07 Denis Magda <[hidden email]
> >:
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > > Igniters,
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > Regardless of the fact that Ignite is an open source
> > > >>> software, ASF
> > > >>> > >> as
> > > >>> > >> > an
> > > >>> > >> >
> > > >>> > >> > > > entity based in the U.S. has to comply with certain
> > > exporting
> > > >>> > >> > regulations
> > > >>> > >> >
> > > >>> > >> > > > [1].
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the
> > > table
> > > >>> [2]
> > > >>> > of
> > > >>> > >> >
> > > >>> > >> > > > projects allowed for export and might need the
> assistance
> > of
> > > >>> some
> > > >>> > of
> > > >>> > >> > you.
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > Here is a list of cryptographic functions used by Ignite
> > > (and
> > > >>> > >> provided
> > > >>> > >> > by
> > > >>> > >> >
> > > >>> > >> > > > a 3rd party vendor):
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable
> > > secured
> > > >>> > >> >
> > > >>> > >> > > >    connectivity between cluster nodes. Manufacturer -
> > > >>> > >> Oracle/OpenJDK (
> > > >>> > >> >
> > > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > > >>> > >> >
> > > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
> > > >>> libraries
> > > >>> > >> for
> > > >>> > >> >
> > > >>> > >> > > >    transparent data encryption of data on disk (
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> > > >>> > >> >
> > > >>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
> > > >>> Tupitsyn*,
> > > >>> > >> > could
> > > >>> > >> >
> > > >>> > >> > > >    you check?
> > > >>> > >> >
> > > >>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL,
> > TLS,
> > > >>> > anything
> > > >>> > >> >
> > > >>> > >> > > >    else?). *Igor Sapego*, could you please check?
> > > >>> > >> >
> > > >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS
> SSL/TLS?
> > > >>> *Dear
> > > >>> > thin
> > > >>> > >> >
> > > >>> > >> > > >    client contributors*, please facilitate.
> > > >>> > >> >
> > > >>> > >> > > >    6. Anything else missing from the list? We don't have
> > any
> > > >>> > custom
> > > >>> > >> >
> > > >>> > >> > > >    crypto features, right?
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > All of these usages/integrations have to comply with the
> > > >>> following
> > > >>> > >> >
> > > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice
> to
> > > >>> Export
> > > >>> > >> >
> > > >>> > >> > > > Administration Regulations of the U.S.A.
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> > > >>> > >> >
> > > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> > > >>> > >> >
> > > >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > -
> > > >>> > >> >
> > > >>> > >> > > > Denis
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >>
> > > >>> > >
> > > >>> >
> > > >>>
> > > >>
> > >
> >
>