From dev-return-46365-archive-asf-public=cust-asf.ponee.io@ignite.apache.org Wed Jun 19 18:35:52 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 66FAC18060F for ; Wed, 19 Jun 2019 20:35:52 +0200 (CEST) Received: (qmail 99991 invoked by uid 500); 19 Jun 2019 18:35:51 -0000 Mailing-List: contact dev-help@ignite.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ignite.apache.org Delivered-To: mailing list dev@ignite.apache.org Received: (qmail 99980 invoked by uid 99); 19 Jun 2019 18:35:51 -0000 Received: from Unknown (HELO mailrelay1-lw-us.apache.org) (10.10.3.159) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Jun 2019 18:35:51 +0000 Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mailrelay1-lw-us.apache.org (ASF Mail Server at mailrelay1-lw-us.apache.org) with ESMTPSA id E90C71C95 for ; Wed, 19 Jun 2019 18:35:50 +0000 (UTC) Received: by mail-wm1-f48.google.com with SMTP id u8so538194wmm.1 for ; Wed, 19 Jun 2019 11:35:50 -0700 (PDT) X-Gm-Message-State: APjAAAWF8TA+r44b9TwQTdU5rdK+7kp5Mxx4UHkk1p4lRBhlIfS6vDt6 h81HFKLsY9Vxu14nn5gHsa1uYSd0LlGg7gOzVCA= X-Google-Smtp-Source: APXvYqzYvozihliSSeotBrGJX4Smmr6yc25Y9A8SRLrQYQd+Qz7RqNITwOxLU3QyZhxEfdEtY2rjG0xtwaFiLgRREow= X-Received: by 2002:a7b:c450:: with SMTP id l16mr9989197wmi.0.1560969349706; Wed, 19 Jun 2019 11:35:49 -0700 (PDT) MIME-Version: 1.0 References: <5d07a1ab.1c69fb81.cd774.da6d@mx.google.com> In-Reply-To: From: Dmitriy Pavlov Date: Wed, 19 Jun 2019 21:35:38 +0300 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Signing off Ignite for export beyond the U.S. To: dev Cc: Garrett Alley Content-Type: multipart/alternative; boundary="0000000000009838bf058bb17ffa" --0000000000009838bf058bb17ffa Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Denis, I still have no info related to starting version of .NET encryption support. So I supposed it was 1.5. I've started both XSTLs and added an example of both XLTs output to google doc tabs. One transformer is for email template generation (requires project name), another is for the site table. Only one TODO now left in the PR version of the update. All other stuff is ready for publishing: https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db= 91f7550479cR8 Sincerely, Dmitriy Pavlov P.S. I'm not sure that dev. the list will keep formatting, but anyway here is transformer output example as text. Apache Ignite Project Product Name Versions ECCN Controlled Source Apache Ignite development 5D002 ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation 2.5.0 - latest 5D002 ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation 1.5.0.final - 2.4.0 5D002 ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse Foundation 1.0.0 - 1.5.0-b1 5D002 ASF, Oracle, JCraft, Inc., The Eclipse Foundation =D1=81=D1=80, 19 =D0=B8=D1=8E=D0=BD. 2019 =D0=B3. =D0=B2 15:05, Dmitriy Pav= lov : > Igniters, > > as for older versions, I've started to collect information of crypto > providers usages in older versions, please help me to finalize this doc s= o > I could prepare a declaration of older versions. > > > https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_m= zhgM96rcbo/edit?usp=3Dsharing > > I'm not sure if the time of Incubation counts, but, anyway, let' collect > information about the history of modules. > > Sincerely, > Dmitriy Pavlov > > =D1=81=D1=80, 19 =D0=B8=D1=8E=D0=BD. 2019 =D0=B3. =D0=B2 14:05, Dmitriy P= avlov : > >> Hi Denis, >> >> Build process seems to be mentioned only here >> https://www.apache.org/dev/crypto.html#sources It also mentions some >> bisnotice XSLT transformation, which is available at SVN here >> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licen= ses/exports/ >> >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from >> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licen= ses/exports/index.page/ >> is more appropriate. I will test it locally. >> >> The only thing I've found for now is the following scripts at the root o= f >> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/ >> bisnotice.cmd >> bisnotice.sh >> >> Sincerely, >> Dmitriy Pavlov >> >> =D1=81=D1=80, 19 =D0=B8=D1=8E=D0=BD. 2019 =D0=B3. =D0=B2 01:40, Denis Ma= gda : >> >>> Dmitriy, >>> >>> I think that it's required to enlist all of the publicly released Ignit= e >>> versions (available for download from the website). It means that the X= ML >>> should have the following controlled sources grouped by Ignite versions= ' >>> ranges. >>> >>> - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundatio= n >>> - Ignite 1.5.0 and later: all of the controller versions listed by >>> you. >>> >>> Not sure about JCraft only. What was the first Ignite version the lib w= as >>> added to? >>> >>> As for .NET versions declarations, I'm for the way it handled right now >>> by >>> you. Btw, do you know where ASF explains the website build process? >>> Failed >>> to find it, it's not enough just to update the XML. >>> >>> Finally, looping in Garrett who can help with the editorial review. >>> Garrett, could you please review README.txt from this pull-request? >>> >>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916= e9da9b91b2aac64R29 >>> >>> >>> - >>> Denis >>> >>> >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov >>> wrote: >>> >>> > Igniters, >>> > >>> > please review crypto notice in >>> > >>> > >>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916= e9da9b91b2aac64R29 >>> > >>> > Only 2 open questions: about declaring released versions, and about >>> > declaring .NET versions (.NET Core & . NET Classic). By default, I >>> propose >>> > to keep both. >>> > >>> > Sincerely, >>> > Dmitriy Pavlov >>> > >>> > =D0=BF=D0=BD, 17 =D0=B8=D1=8E=D0=BD. 2019 =D0=B3. =D0=B2 19:24, Dmitr= iy Pavlov : >>> > >>> > > Pavel, >>> > > >>> > > we need to follow the process from >>> > > https://www.apache.org/dev/crypto.html#classify >>> > > >>> > > Please see similar products in the draft export matrix, >>> > > >>> > > >>> > >>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb= 48db91f7550479cR7 >>> > > >>> > > >>> > > We don't ship JDK, but we designed our product to use a cryptograph= ic >>> > > feature from this 3rd party product, so we need to follow this >>> process >>> > and >>> > > provide matrix update, add CRYPTO notice (I'll draft it). >>> > > >>> > > Other products don't declare all possible JDKs - >>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one >>> > > declaration of .NET classic (Microsoft) would be enough. >>> > > >>> > > Sincerely, >>> > > Dmitriy Pavlov >>> > > >>> > > =D0=BF=D0=BD, 17 =D0=B8=D1=8E=D0=BD. 2019 =D0=B3. =D0=B2 19:11, Pav= el Tupitsyn : >>> > > >>> > >> >>Should it go instead of Microsoft? Should we mention .NET code i= n >>> > >> addition >>> > >> >>> > >> >>to Microsoft? >>> > >> >>> > >> >>> > >> >>> > >> >Yes, I think we can do this. Ignite targets both of the them. And >>> .NET >>> > >> Core uses it=E2=80=99s own implementation of standard class librar= y[1] >>> > >> >>> > >> >Pavel may correct me. >>> > >> >>> > >> >>> > >> We use crypto APIs from standard class library. We ship our >>> binaries, >>> > but >>> > >> we don't ship the framework binaries. >>> > >> >>> > >> Our binaries can be executed with .NET Core (open-source, MIT >>> license), >>> > >> Mono (open-source, MIT license), and .NET Classic (old framework, >>> > >> Windows-only, Microsoft license). >>> > >> >>> > >> I'm still not sure what is the question we are trying to answer, >>> though. >>> > >> >>> > >> >>> > >> Thanks, >>> > >> >>> > >> Pavel >>> > >> >>> > >> >>> > >> >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin >> > >>> > >> wrote: >>> > >> >>> > >> > >1) Declaring older versions of Ignite. >>> > >> > >>> > >> > >2) Is it correct to mention that Ignite uses .NET core >>> controlled by >>> > >> .NET >>> > >> > >>> > >> > >Foundation? E.g. as follows: >>> > >> > >>> > >> > >(controlled by) >>> > >> > >>> > >> > >.NET Foundation >>> > >> > >>> > >> > >title=3DDesigned to use .NET Framework Cryptography Model >>> > >> > >>> > >> > >href=3Dhttps://dotnetfoundation.org/projects >>> > >> > >>> > >> > >>> > >> > >>> > >> > >Should it go instead of Microsoft? Should we mention .NET code = in >>> > >> addition >>> > >> > >>> > >> > >to Microsoft? >>> > >> > >>> > >> > >>> > >> > >>> > >> > Yes, I think we can do this. Ignite targets both of the them. An= d >>> .NET >>> > >> > Core uses it=E2=80=99s own implementation of standard class libr= ary[1] >>> > >> > >>> > >> > Pavel may correct me. >>> > >> > >>> > >> > >>> > >> > >>> > >> > [1] https://github.com/dotnet/corefx >>> > >> > >>> > >> > >>> > >> > >>> > >> > *From: *Dmitriy Pavlov >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM >>> > >> > *To: *dev >>> > >> > *Cc: *Denis Magda ; Igor Sapego < >>> > isapego@apache.org>; >>> > >> Pavel >>> > >> > Petroshenko ; Nikolay Izhikov < >>> nizhikov@apache.org> >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S. >>> > >> > >>> > >> > >>> > >> > >>> > >> > Thanks, Pavel! >>> > >> > >>> > >> > >>> > >> > >>> > >> > Denis, Pavel, Igniters, please review the following proposal: >>> > >> > >>> > >> > >>> > >> > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage. >>> > >> > >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage. >>> > >> > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage. >>> > >> > >>> > >> > - TDE to be declared as JCA/JCE >>> > >> > >>> > >> > >>> > >> > >>> > >> > Export matrix data to be published in ASF-level SVN: >>> > >> > >>> > >> > <<<<< >>> > >> > >>> > >> > Product Name >>> > >> > >>> > >> > Apache Ignite >>> > >> > >>> > >> > >>> > >> > >>> > >> > Versions >>> > >> > >>> > >> > development >>> > >> > >>> > >> > 2.7 and later >>> > >> > >>> > >> > >>> > >> > >>> > >> > ECCN >>> > >> > >>> > >> > 5D002 >>> > >> > >>> > >> > >>> > >> > >>> > >> > Controlled source >>> > >> > >>> > >> > ASF >>> > >> > >>> > >> > title=3DDesigned to use with built-in Java Cryptography Architec= ture >>> > (JCA) >>> > >> > >>> > >> > href=3Dhttps://gitbox.apache.org/repos/asf?p=3Dignite.git >>> > >> > >>> > >> > >>> > >> > >>> > >> > Oracle >>> > >> > >>> > >> > title=3DDesigned to use with built-in Java encryption libraries >>> (JCE) >>> > >> > >>> > >> > href=3D >>> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.htm= l >>> > >> > >>> > >> > >>> > >> > >>> > >> > The OpenSSL Project >>> > >> > >>> > >> > title=3DDesigned to use General Purpose cryptography library >>> included >>> > with >>> > >> > >>> > >> > OpenSSL >>> > >> > >>> > >> > href=3Dhttps://www.openssl.org/source/ >>> > >> > >>> > >> > >>> > >> > >>> > >> > Microsoft >>> > >> > >>> > >> > title=3DDesigned to use .NET Framework Cryptography Model >>> > >> > >>> > >> > href=3Dhttps://dotnet.microsoft.com/download >>> > >> > >>> > >> > >>>>>> >>> > >> > >>> > >> > >>> > >> > >>> > >> > Open questions: >>> > >> > >>> > >> > 1) Declaring older versions of Ignite. >>> > >> > >>> > >> > 2) Is it correct to mention that Ignite uses .NET core controlle= d >>> by >>> > >> .NET >>> > >> > >>> > >> > Foundation? E.g. as follows: >>> > >> > >>> > >> > (controlled by) >>> > >> > >>> > >> > .NET Foundation >>> > >> > >>> > >> > title=3DDesigned to use .NET Framework Cryptography Model >>> > >> > >>> > >> > href=3Dhttps://dotnetfoundation.org/projects >>> > >> > >>> > >> > >>> > >> > >>> > >> > Should it go instead of Microsoft? Should we mention .NET code i= n >>> > >> addition >>> > >> > >>> > >> > to Microsoft? >>> > >> > >>> > >> > >>> > >> > >>> > >> > Sincerely, >>> > >> > >>> > >> > Dmitriy Pavlov >>> > >> > >>> > >> > >>> > >> > >>> > >> > =D0=BF=D0=BD, 17 =D0=B8=D1=8E=D0=BD. 2019 =D0=B3. =D0=B2 16:07, = Pavel Tupitsyn >> >: >>> > >> > >>> > >> > >>> > >> > >>> > >> > > Hi Denis, >>> > >> > >>> > >> > > >>> > >> > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all >>> security and >>> > >> > >>> > >> > > cryptographic related code. There are no dependencies on >>> external >>> > >> > >>> > >> > > libraries. >>> > >> > >>> > >> > > >>> > >> > >>> > >> > > Thanks >>> > >> > >>> > >> > > >>> > >> > >>> > >> > > =D1=81=D1=80, 12 =D0=B8=D1=8E=D0=BD. 2019 =D0=B3., 21:07 Denis= Magda : >>> > >> > >>> > >> > > >>> > >> > >>> > >> > > > Igniters, >>> > >> > >>> > >> > > > >>> > >> > >>> > >> > > > Regardless of the fact that Ignite is an open source >>> software, ASF >>> > >> as >>> > >> > an >>> > >> > >>> > >> > > > entity based in the U.S. has to comply with certain exportin= g >>> > >> > regulations >>> > >> > >>> > >> > > > [1]. >>> > >> > >>> > >> > > > >>> > >> > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the tabl= e >>> [2] >>> > of >>> > >> > >>> > >> > > > projects allowed for export and might need the assistance of >>> some >>> > of >>> > >> > you. >>> > >> > >>> > >> > > > >>> > >> > >>> > >> > > > Here is a list of cryptographic functions used by Ignite (an= d >>> > >> provided >>> > >> > by >>> > >> > >>> > >> > > > a 3rd party vendor): >>> > >> > >>> > >> > > > >>> > >> > >>> > >> > > > 1. JDK SSL/TLS libraries if a user wishes to enable secur= ed >>> > >> > >>> > >> > > > connectivity between cluster nodes. Manufacturer - >>> > >> Oracle/OpenJDK ( >>> > >> > >>> > >> > > > https://apacheignite.readme.io/docs/ssltls) >>> > >> > >>> > >> > > > 2. JDK AES/CBC/PKCS5Padding encryption from the Java >>> libraries >>> > >> for >>> > >> > >>> > >> > > > transparent data encryption of data on disk ( >>> > >> > >>> > >> > > > >>> > https://apacheignite.readme.io/docs/transparent-data-encryption) >>> > >> > >>> > >> > > > 3. Libraries/vendors for .NET nodes security?* Pavel >>> Tupitsyn*, >>> > >> > could >>> > >> > >>> > >> > > > you check? >>> > >> > >>> > >> > > > 4. Libraries/vendors for C++ clients security (SSL, TLS, >>> > anything >>> > >> > >>> > >> > > > else?). *Igor Sapego*, could you please check? >>> > >> > >>> > >> > > > 5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? >>> *Dear >>> > thin >>> > >> > >>> > >> > > > client contributors*, please facilitate. >>> > >> > >>> > >> > > > 6. Anything else missing from the list? We don't have any >>> > custom >>> > >> > >>> > >> > > > crypto features, right? >>> > >> > >>> > >> > > > >>> > >> > >>> > >> > > > All of these usages/integrations have to comply with the >>> following >>> > >> > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to >>> Export >>> > >> > >>> > >> > > > Administration Regulations of the U.S.A. >>> > >> > >>> > >> > > > >>> > >> > >>> > >> > > > [1] http://www.apache.org/licenses/exports/ >>> > >> > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix >>> > >> > >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify >>> > >> > >>> > >> > > > >>> > >> > >>> > >> > > > >>> > >> > >>> > >> > > > - >>> > >> > >>> > >> > > > Denis >>> > >> > >>> > >> > > > >>> > >> > >>> > >> > > >>> > >> > >>> > >> > >>> > >> > >>> > >> >>> > > >>> > >>> >> --0000000000009838bf058bb17ffa--