www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Vines <vi...@apache.org>
Subject ECCN crypto check
Date Fri, 13 Sep 2013 16:02:30 GMT
I'm a developer for Apache Accumulo and while doing some research into
adding a bouncycastle crypto dependency I stumbled across
http://www.apache.org/dev/crypto.html which says I should check with you
folks. We currently have 2 different aspects of crypto in development to
check on.

1. We're working on adding SSL support, and we're planning on using
bouncycastle for some of the crypto implementation. Judging from TIKA, it
seems that this is enough to do some sort of policy work to make this
kosher since we would like to actually package bouncycastle in our
releases. And just in case, if we decide to make it an external dependency,
do we still need to take care of anything to satisfy policy?

2. We also have support for on disk encryption of user's data. It is a
pluggable interface that user's can create their own cryptomodule (probably
based on top of existing crypto stuff). We do include an implementation of
it which utilizes javax.crypto in order to do it's cryptography. Does this
require some policy work? What if we remove that javax.crypto
implementation?

Thanks
John

Mime
View raw message