Return-Path: X-Original-To: apmail-legal-discuss-archive@www.apache.org Delivered-To: apmail-legal-discuss-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2A403108A0 for ; Tue, 18 Mar 2014 23:01:36 +0000 (UTC) Received: (qmail 49725 invoked by uid 500); 18 Mar 2014 23:01:23 -0000 Delivered-To: apmail-legal-discuss-archive@apache.org Received: (qmail 49528 invoked by uid 500); 18 Mar 2014 23:01:22 -0000 Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: Reply-To: legal-discuss@apache.org List-Id: Delivered-To: mailing list legal-discuss@apache.org Received: (qmail 49517 invoked by uid 99); 18 Mar 2014 23:01:22 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Mar 2014 23:01:22 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of kevan.miller@gmail.com designates 74.125.82.182 as permitted sender) Received: from [74.125.82.182] (HELO mail-we0-f182.google.com) (74.125.82.182) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Mar 2014 23:01:16 +0000 Received: by mail-we0-f182.google.com with SMTP id p61so6506661wes.13 for ; Tue, 18 Mar 2014 16:00:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:from:date:message-id:subject:to:cc :content-type; bh=KzG1ED27xP6ub7pn6wRjOVSwZ2FTZh343jm3cQfw8ts=; b=I+47eT6dPXa289ZworFr1QvSq0+gd8DZo5K1t9kl58XgUSauwFlBWprpcshSh/ClVK /5uowC4w6VUAZXxjlCvsXkq33ZfiV2JspGhrpeh33nRmIj6aft5uaoA4md+5IPOptF59 vlcnLAtRl3o5iTj9SFKuxAx4KEB1FFVG7KEF3DJP9HR8cdl65X30h1xwVdQbr9lI7kOE CjsvwnmPOxiNg1LT1EVUZzcrsfZq9y53A+rqULD2ptpunkYY95g7LhLf13IHDd/yUh37 wnPxXLIK0EIqYa0TwzGKZfKYLnCR8zCVUEIiG0nL2GerRbSkVNFGxh+JT4s/zYmxA1Yp FQTA== X-Received: by 10.195.12.14 with SMTP id em14mr15330992wjd.15.1395183655299; Tue, 18 Mar 2014 16:00:55 -0700 (PDT) MIME-Version: 1.0 References: <8916E02D-0D7E-433F-A55D-0A6DC008D077@apache.org> From: Kevan Miller Date: Tue, 18 Mar 2014 23:00:54 +0000 Message-ID: Subject: Apache Cayenne adding data encryption - how to stay compliant To: legal-discuss@apache.org Cc: private@cayenne.apache.org Content-Type: multipart/alternative; boundary=047d7bf0d62a2bb0ce04f4e982b9 X-Virus-Checked: Checked by ClamAV on apache.org --047d7bf0d62a2bb0ce04f4e982b9 Content-Type: text/plain; charset=ISO-8859-1 On Mon Mar 17 2014 at 7:26:34 AM, Andrus Adamchik wrote: > Hi legal-discuss, > > We (the Apache Cayenne project) are working on a pluggable transparent > mechanism that will allow users to store certain columns in RDBMS in an > encrypted form [1]. The basic code is already committed (using ROT13 > "encryption" as a proof of concept), and now we are approaching a point > when we write the code that will manage real ciphers using JCE (Java > Cryptography Extension) API. Cayenne itself will not contain any > cryptographic algorithms per se, but it will be specifically designed to > work with such algorithms provided by Java. > > So what do we need to do to stay compliant with US export regulations? I > am checking the relevant page on our site [2], which has this note: > > "the regulations covering US export control laws for encryption were > changed on June 25th 2010. This page describes the previous process. Until > an updated version has been drawn up and approved by the Apache VP Legal > Affairs, projects should check with the legal-discuss list before > proceeding." > > So what is the current procedure? > IIRC, the last several requests have been passed by Sam to counsel. And the response has always been follow the process described on that web page. Not sure if Jim wants to follow a different process... I don't know why that page was updated in the first place and I'm not really up-to-speed with export control laws. --kevan --047d7bf0d62a2bb0ce04f4e982b9 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Mon Mar 17 2014 at 7:26:34 AM, Andrus Adamchik <aadamchik@apache.org> wrote:
Hi legal-discuss,

We (the Apache Cayenne project) are working on a pluggable transparent mech= anism that will allow users to store certain columns in RDBMS in an encrypt= ed form [1]. The basic code is already committed (using ROT13 “encryp= tion” as a proof of concept), and now we are approaching a point when= we write the code that will manage real ciphers using JCE (Java Cryptograp= hy Extension) API. Cayenne itself will not contain any cryptographic algori= thms per se, but it will be specifically designed to work with such algorit= hms provided by Java.

So what do we need to do to stay compliant with US export regulations? I am= checking the relevant page on our site [2], which has this note:

"the regulations covering US export control laws for encryption were c= hanged on June 25th 2010. This page describes the previous process. Until a= n updated version has been drawn up and approved by the Apache VP Legal Aff= airs, projects should check with the legal-discuss list before proceeding.&= rdquo;

So what is the current procedure?

IIRC,= the last several requests have been passed by Sam to counsel. And the resp= onse has always been follow the process described on that web page. Not sur= e if Jim wants to follow a different process...

I don't know why that page was updated in the first= place and I'm not really up-to-speed with export control laws.

--kevan
--047d7bf0d62a2bb0ce04f4e982b9--