hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jerry Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9331) Hadoop crypto codec framework and crypto codec implementations
Date Thu, 07 Mar 2013 03:12:16 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13595495#comment-13595495
] 

Jerry Chen commented on HADOOP-9331:
------------------------------------

bq. how is this going to impact export rules for Hadoop
 
It does not impact export of Hadoop directly, but would introduce some housekeeping for every
release which includes code that implements export controlled cryptography or is “specifically
designed to use it”. The ASF has an XSLT transform committed under infrastructure/ for partial
automation of the process. The test is any code specifically designed to work with existing
export controlled technology. IANAL, but this would seem to extend to Hadoop Common (because
of the proposed o.a.h.io.crypto) and MapReduce (because if the proposed code that specifically
uses o.a.h.io.crypto). It would not appear to extend beyond this because no other downstream
consumer of Hadoop Common is "specifically designed to use [cryptography]". See http://www.apache.org/dev/crypto.html

 
Should HBase decide to commit HBASE-7544, then that housekeeping would apply to HBase releases
as well due to direct use of o.a.h.io.crypto.

                
> Hadoop crypto codec framework and crypto codec implementations
> --------------------------------------------------------------
>
>                 Key: HADOOP-9331
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9331
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Jerry Chen
>         Attachments: Hadoop Crypto Design.pdf
>
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
> For use cases that deal with sensitive data, we often need to encrypt data to be stored
safely at rest. Hadoop common provides a codec framework for compression algorithms. We start
here. However because encryption algorithms require some additional configuration and methods
for key management, we introduce a crypto codec framework that builds on the compression codec
framework. It cleanly distinguishes crypto algorithms from compression algorithms, but shares
common interfaces between them where possible, and also carries extended interfaces where
necessary to satisfy those needs. We also introduce a generic Key type, and supporting utility
methods and classes, as a necessary abstraction for dealing with both Java crypto keys and
PGP keys.
> The task for this feature breaks into two parts:
> 1. The crypto codec framework that based on compression codec which can be shared by
all crypto codec implementations.
> 2. The codec implementations such as AES and others.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message