ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dmitriy Pavlov <dpav...@apache.org>
Subject Re: Signing off Ignite for export beyond the U.S.
Date Wed, 19 Jun 2019 18:35:38 GMT
Hi Denis,

I still have no info related to starting version of .NET encryption
support. So I supposed it was 1.5.

I've started both XSTLs and added an example of both XLTs output to google
doc tabs. One transformer is for email template generation (requires
project name), another is for the site table.

Only one TODO now left in the PR version of the update. All other stuff is
ready for publishing:
https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8

Sincerely,
Dmitriy Pavlov

P.S. I'm not sure that dev. the list will keep formatting, but anyway here
is transformer output example as text.

Apache Ignite Project
Product Name Versions ECCN
Controlled Source
Apache Ignite development 5D002
ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc.,
The Eclipse Foundation
2.5.0 - latest 5D002
ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc.,
The Eclipse Foundation
1.5.0.final - 2.4.0 5D002
ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
Foundation
1.0.0 - 1.5.0-b1 5D002
ASF, Oracle, JCraft, Inc., The Eclipse Foundation

ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dpavlov@apache.org>:

> Igniters,
>
> as for older versions, I've started to collect information of crypto
> providers usages in older versions, please help me to finalize this doc so
> I could prepare a declaration of older versions.
>
>
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
>
> I'm not sure if the time of Incubation counts, but, anyway, let' collect
> information about the history of modules.
>
> Sincerely,
> Dmitriy Pavlov
>
> ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dpavlov@apache.org>:
>
>> Hi Denis,
>>
>> Build process seems to be mentioned only here
>> https://www.apache.org/dev/crypto.html#sources It also mentions some
>> bisnotice XSLT transformation, which is available at SVN here
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
>>
>> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
>> is more appropriate. I will test it locally.
>>
>> The only thing I've found for now is the following scripts at the root of
>> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
>> bisnotice.cmd
>> bisnotice.sh
>>
>> Sincerely,
>> Dmitriy Pavlov
>>
>> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dmagda@apache.org>:
>>
>>> Dmitriy,
>>>
>>> I think that it's required to enlist all of the publicly released Ignite
>>> versions (available for download from the website). It means that the XML
>>> should have the following controlled sources grouped by Ignite versions'
>>> ranges.
>>>
>>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
>>>    - Ignite 1.5.0 and later: all of the controller versions listed by
>>> you.
>>>
>>> Not sure about JCraft only. What was the first Ignite version the lib was
>>> added to?
>>>
>>> As for .NET versions declarations, I'm for the way it handled right now
>>> by
>>> you. Btw, do you know where ASF explains the website build process?
>>> Failed
>>> to find it, it's not enough just to update the XML.
>>>
>>> Finally, looping in Garrett who can help with the editorial review.
>>> Garrett, could you please review README.txt from this pull-request?
>>>
>>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>>>
>>>
>>> -
>>> Denis
>>>
>>>
>>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dpavlov@apache.org>
>>> wrote:
>>>
>>> > Igniters,
>>> >
>>> > please review crypto notice in
>>> >
>>> >
>>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>>> >
>>> > Only 2 open questions: about declaring released versions, and about
>>> > declaring .NET versions (.NET Core & . NET Classic). By default, I
>>> propose
>>> > to keep both.
>>> >
>>> > Sincerely,
>>> > Dmitriy Pavlov
>>> >
>>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dpavlov@apache.org>:
>>> >
>>> > > Pavel,
>>> > >
>>> > > we need to follow the process from
>>> > > https://www.apache.org/dev/crypto.html#classify
>>> > >
>>> > > Please see similar products in the draft export matrix,
>>> > >
>>> > >
>>> >
>>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
>>> > >
>>> > >
>>> > > We don't ship JDK, but we designed our product to use a cryptographic
>>> > > feature from this 3rd party product, so we need to follow this
>>> process
>>> > and
>>> > > provide matrix update, add CRYPTO notice (I'll draft it).
>>> > >
>>> > > Other products don't declare all possible JDKs -
>>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
>>> > > declaration of .NET classic (Microsoft) would be enough.
>>> > >
>>> > > Sincerely,
>>> > > Dmitriy Pavlov
>>> > >
>>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <ptupitsyn@apache.org>:
>>> > >
>>> > >> >>Should it go instead of Microsoft? Should we mention .NET
code in
>>> > >> addition
>>> > >>
>>> > >> >>to Microsoft?
>>> > >>
>>> > >>
>>> > >>
>>> > >> >Yes, I think we can do this. Ignite targets both of the them.
And
>>> .NET
>>> > >> Core uses it’s own implementation of standard class library[1]
>>> > >>
>>> > >> >Pavel may correct me.
>>> > >>
>>> > >>
>>> > >> We use crypto APIs from standard class library. We ship our
>>> binaries,
>>> > but
>>> > >> we don't ship the framework binaries.
>>> > >>
>>> > >> Our binaries can be executed with .NET Core (open-source, MIT
>>> license),
>>> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
>>> > >> Windows-only, Microsoft license).
>>> > >>
>>> > >> I'm still not sure what is the question we are trying to answer,
>>> though.
>>> > >>
>>> > >>
>>> > >> Thanks,
>>> > >>
>>> > >> Pavel
>>> > >>
>>> > >>
>>> > >>
>>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <lexwert@gmail.com
>>> >
>>> > >> wrote:
>>> > >>
>>> > >> > >1) Declaring older versions of Ignite.
>>> > >> >
>>> > >> > >2) Is it correct to mention that Ignite uses .NET core
>>> controlled by
>>> > >> .NET
>>> > >> >
>>> > >> > >Foundation? E.g. as follows:
>>> > >> >
>>> > >> > >(controlled by)
>>> > >> >
>>> > >> > >.NET Foundation
>>> > >> >
>>> > >> > >title=Designed to use .NET Framework Cryptography Model
>>> > >> >
>>> > >> > >href=https://dotnetfoundation.org/projects
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > >Should it go instead of Microsoft? Should we mention .NET
code in
>>> > >> addition
>>> > >> >
>>> > >> > >to Microsoft?
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Yes, I think we can do this. Ignite targets both of the them.
And
>>> .NET
>>> > >> > Core uses it’s own implementation of standard class library[1]
>>> > >> >
>>> > >> > Pavel may correct me.
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > [1] https://github.com/dotnet/corefx
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > *From: *Dmitriy Pavlov <dpavlov@apache.org>
>>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
>>> > >> > *To: *dev <dev@ignite.apache.org>
>>> > >> > *Cc: *Denis Magda <dmagda@apache.org>; Igor Sapego <
>>> > isapego@apache.org>;
>>> > >> Pavel
>>> > >> > Petroshenko <p@nobitlost.com>; Nikolay Izhikov <
>>> nizhikov@apache.org>
>>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Thanks, Pavel!
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Denis, Pavel, Igniters, please review the following proposal:
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
>>> > >> >
>>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE
usage.
>>> > >> >
>>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
>>> > >> >
>>> > >> > - TDE to be declared as JCA/JCE
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Export matrix data to be published in ASF-level SVN:
>>> > >> >
>>> > >> > <<<<<
>>> > >> >
>>> > >> > Product Name
>>> > >> >
>>> > >> > Apache Ignite
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Versions
>>> > >> >
>>> > >> > development
>>> > >> >
>>> > >> > 2.7 and later <Earlier versions-TBD?>
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > ECCN
>>> > >> >
>>> > >> > 5D002
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Controlled source
>>> > >> >
>>> > >> > ASF
>>> > >> >
>>> > >> > title=Designed to use with built-in Java Cryptography Architecture
>>> > (JCA)
>>> > >> >
>>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Oracle
>>> > >> >
>>> > >> > title=Designed to use with built-in Java encryption libraries
>>> (JCE)
>>> > >> >
>>> > >> > href=
>>> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > The OpenSSL Project
>>> > >> >
>>> > >> > title=Designed to use General Purpose cryptography library
>>> included
>>> > with
>>> > >> >
>>> > >> > OpenSSL
>>> > >> >
>>> > >> > href=https://www.openssl.org/source/
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Microsoft
>>> > >> >
>>> > >> > title=Designed to use .NET Framework Cryptography Model
>>> > >> >
>>> > >> > href=https://dotnet.microsoft.com/download
>>> > >> >
>>> > >> > >>>>>>
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Open questions:
>>> > >> >
>>> > >> > 1) Declaring older versions of Ignite.
>>> > >> >
>>> > >> > 2) Is it correct to mention that Ignite uses .NET core controlled
>>> by
>>> > >> .NET
>>> > >> >
>>> > >> > Foundation? E.g. as follows:
>>> > >> >
>>> > >> > (controlled by)
>>> > >> >
>>> > >> > .NET Foundation
>>> > >> >
>>> > >> > title=Designed to use .NET Framework Cryptography Model
>>> > >> >
>>> > >> > href=https://dotnetfoundation.org/projects
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Should it go instead of Microsoft? Should we mention .NET
code in
>>> > >> addition
>>> > >> >
>>> > >> > to Microsoft?
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Sincerely,
>>> > >> >
>>> > >> > Dmitriy Pavlov
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <ptupitsyn@apache.org
>>> >:
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > > Hi Denis,
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
>>> security and
>>> > >> >
>>> > >> > > cryptographic related code. There are no dependencies
on
>>> external
>>> > >> >
>>> > >> > > libraries.
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > Thanks
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dmagda@apache.org>:
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > > Igniters,
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > Regardless of the fact that Ignite is an open source
>>> software, ASF
>>> > >> as
>>> > >> > an
>>> > >> >
>>> > >> > > > entity based in the U.S. has to comply with certain
exporting
>>> > >> > regulations
>>> > >> >
>>> > >> > > > [1].
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > Dmitry Pavlov and I are working on adding Ignite
to the table
>>> [2]
>>> > of
>>> > >> >
>>> > >> > > > projects allowed for export and might need the assistance
of
>>> some
>>> > of
>>> > >> > you.
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > Here is a list of cryptographic functions used by
Ignite (and
>>> > >> provided
>>> > >> > by
>>> > >> >
>>> > >> > > > a 3rd party vendor):
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to
enable secured
>>> > >> >
>>> > >> > > >    connectivity between cluster nodes. Manufacturer
-
>>> > >> Oracle/OpenJDK (
>>> > >> >
>>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
>>> > >> >
>>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the
Java
>>> libraries
>>> > >> for
>>> > >> >
>>> > >> > > >    transparent data encryption of data on disk (
>>> > >> >
>>> > >> > > >
>>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
>>> > >> >
>>> > >> > > >    3. Libraries/vendors for .NET nodes security?*
Pavel
>>> Tupitsyn*,
>>> > >> > could
>>> > >> >
>>> > >> > > >    you check?
>>> > >> >
>>> > >> > > >    4. Libraries/vendors for C++ clients security
(SSL, TLS,
>>> > anything
>>> > >> >
>>> > >> > > >    else?). *Igor Sapego*, could you please check?
>>> > >> >
>>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS
SSL/TLS?
>>> *Dear
>>> > thin
>>> > >> >
>>> > >> > > >    client contributors*, please facilitate.
>>> > >> >
>>> > >> > > >    6. Anything else missing from the list? We don't
have any
>>> > custom
>>> > >> >
>>> > >> > > >    crypto features, right?
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > All of these usages/integrations have to comply
with the
>>> following
>>> > >> >
>>> > >> > > > checklist [3] before I, as a PMC Chair, submit a
notice to
>>> Export
>>> > >> >
>>> > >> > > > Administration Regulations of the U.S.A.
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > [1] http://www.apache.org/licenses/exports/
>>> > >> >
>>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
>>> > >> >
>>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > -
>>> > >> >
>>> > >> > > > Denis
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >>
>>> > >
>>> >
>>>
>>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message