www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevan Miller <kevan.mil...@gmail.com>
Subject Apache Cayenne adding data encryption - how to stay compliant
Date Tue, 18 Mar 2014 23:00:54 GMT
On Mon Mar 17 2014 at 7:26:34 AM, Andrus Adamchik <aadamchik@apache.org>

> Hi legal-discuss,
> We (the Apache Cayenne project) are working on a pluggable transparent
> mechanism that will allow users to store certain columns in RDBMS in an
> encrypted form [1]. The basic code is already committed (using ROT13
> "encryption" as a proof of concept), and now we are approaching a point
> when we write the code that will manage real ciphers using JCE (Java
> Cryptography Extension) API. Cayenne itself will not contain any
> cryptographic algorithms per se, but it will be specifically designed to
> work with such algorithms provided by Java.
> So what do we need to do to stay compliant with US export regulations? I
> am checking the relevant page on our site [2], which has this note:
> "the regulations covering US export control laws for encryption were
> changed on June 25th 2010. This page describes the previous process. Until
> an updated version has been drawn up and approved by the Apache VP Legal
> Affairs, projects should check with the legal-discuss list before
> proceeding."
> So what is the current procedure?

IIRC, the last several requests have been passed by Sam to counsel. And the
response has always been follow the process described on that web page. Not
sure if Jim wants to follow a different process...

I don't know why that page was updated in the first place and I'm not
really up-to-speed with export control laws.


View raw message