www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevan Miller <kevan.mil...@gmail.com>
Subject Re: ECCN crypto check
Date Mon, 16 Sep 2013 00:31:45 GMT
The last request we had on this subject was forwarded to the SFLC.

Same process here? I don't know where the previous case (Commons?) ended up.


On Sep 13, 2013, at 9:02 AM, John Vines <vines@apache.org> wrote:

> I'm a developer for Apache Accumulo and while doing some research into adding a bouncycastle
crypto dependency I stumbled across http://www.apache.org/dev/crypto.html which says I should
check with you folks. We currently have 2 different aspects of crypto in development to check
> 1. We're working on adding SSL support, and we're planning on using bouncycastle for
some of the crypto implementation. Judging from TIKA, it seems that this is enough to do some
sort of policy work to make this kosher since we would like to actually package bouncycastle
in our releases. And just in case, if we decide to make it an external dependency, do we still
need to take care of anything to satisfy policy?
> 2. We also have support for on disk encryption of user's data. It is a pluggable interface
that user's can create their own cryptomodule (probably based on top of existing crypto stuff).
We do include an implementation of it which utilizes javax.crypto in order to do it's cryptography.
Does this require some policy work? What if we remove that javax.crypto implementation?
> Thanks
> John

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message