incubator-general mailing list archives

From Stian Soiland-Reyes <st...@apache.org>
Subject Re: ECCN cryptography reporting?
Date Mon, 09 May 2016 11:20:50 GMT
I would be happy if Taverna doesn't meet the ECCN registration criteria :)


I think we are not exempt overall from the 2010 decontrolling:

https://www.bis.doc.gov/index.php/policy-guidance/encryption/identifying-encryption-items#Three

because we do a lot of "sending and receiving information" - or at
least most Taverna workflows do that.


I would think our Credential Manager is "designed to use encryption
functionality" - We register handlers with JSSE, in particular to
manage user-accepted client/server certificates (as in the browser).
We don't require JCE Strong Encryption, but recommend you do (as
otherwise your passphrase is limited to 6 characters!) - we also use
Bouncy Castle (ECCN classified) APIs directly for managing the
keychain.

https://github.com/apache/incubator-taverna-engine/#export-restrictions


Our web service integration uses WSS4J and XML Security (also ECCN
classified), and of course the REST service can make https connections
using the above certificate handling.

https://github.com/apache/incubator-taverna-common-activities/#export-restrictions


While the immediate release won't include a binary distribution for
dist.apache.org, we plan that for later releases, and they would
include JARs like Bouncy Castle, HTTPComponents and WSS4J - so while it
could be unclear right now what "use" means - there will be "include"
later.


Likewise some of our Maven Central JARs could include shading of say
Apache HTTPComponents, which is ECCN-classified.

On 5 May 2016 at 18:48, John D. Ament <john.d.ament@gmail.com> wrote:
> Ted,
>
> I think that's my point.  It sounds like Taverna doesn't meet the criteria.
>
> John
> On May 5, 2016 13:07, "Ted Dunning" <ted.dunning@gmail.com> wrote:
>
>> John,
>>
>> I love what you do and respect what you say, but do you have a citation for
>> that registration requirement?  Taverna isn't distributing JSSE and it
>> allows weak encryption.
>>
>>
>>
>> On Wed, May 4, 2016 at 7:36 PM, John D. Ament <johndament@apache.org>
>> wrote:
>>
>> > That's the thing, JSSE is an add-on encryption component in Java.  If the
>> > product requires it, you have to register it.
>> >
>> > Ideally the product shouldn't require it and make it an optional feature to
>> > enable.
>> >
>> > The latter is just my $0.02
>> >
>> > John
>> > On May 4, 2016 21:30, "Ted Dunning" <ted.dunning@gmail.com> wrote:
>> >
>> > I am pretty dubious that simply building a credential store using standard
>> > JSSE requires registration. Same for HTTPS support.
>> >
>> >
>> >
>> > On Wed, May 4, 2016 at 6:23 PM, Ted Dunning <ted.dunning@gmail.com> wrote:
>> >
>> > >
>> > > My guess is that this would fall to me.
>> > >
>> > > There is considerable analysis to be done to determine whether filing is
>> > > required.
>> > >
>> > > Are you guys documenting the decision points?
>> > >
>> > >
>> > >
>> > > On Wed, May 4, 2016 at 4:45 AM, Stian Soiland-Reyes <stain@apache.org>
>> > > wrote:
>> > >
>> > >> On 2 May 2016 at 03:23, Stian Soiland-Reyes <stain@apache.org> wrote:
>> > >>
>> > >> > Formally - would it need to be the Incubator PMC chair sending the
>> > >> > ECCN encryption email?
>> > >>
>> > >> Could anyone from IPMC (e.g. our mentors) do it, or just Ted Dunning?
>> > >>
>> > >> --
>> > >> Stian Soiland-Reyes
>> > >> Apache Taverna (incubating), Apache Commons RDF (incubating)
>> > >> http://orcid.org/0000-0001-9842-9718
>> > >>
>> > >> ---------------------------------------------------------------------
>> > >> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> > >> For additional commands, e-mail: general-help@incubator.apache.org
>> > >>
>> > >>
>> > >
>> >
>>



-- 
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons RDF (incubating)
http://orcid.org/0000-0001-9842-9718
