Signing off Ignite for export beyond the U.S.

[Denis Magda <dm...@apache.org>]

Igniters,

Regardless of the fact that Ignite is an open source software, ASF as an
entity based in the U.S. has to comply with certain exporting regulations
[1].

Dmitry Pavlov and I are working on adding Ignite to the table [2] of
projects allowed for export and might need the assistance of some of you.

Here is a list of cryptographic functions used by Ignite (and provided by a
3rd party vendor):

   1. JDK SSL/TLS libraries if a user wishes to enable secured connectivity
   between cluster nodes. Manufacturer - Oracle/OpenJDK (
   https://apacheignite.readme.io/docs/ssltls)
   2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
   transparent data encryption of data on disk (
   https://apacheignite.readme.io/docs/transparent-data-encryption)
   3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, could
   you check?
   4. Libraries/vendors for C++ clients security (SSL, TLS, anything
   else?). *Igor Sapego*, could you please check?
   5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin client
   contributors*, please facilitate.
   6. Anything else missing from the list? We don't have any custom crypto
   features, right?

All of these usages/integrations have to comply with the following
checklist [3] before I, as a PMC Chair, submit a notice to Export
Administration Regulations of the U.S.A.

[1] http://www.apache.org/licenses/exports/
[2] http://www.apache.org/licenses/exports/#matrix
[3] https://www.apache.org/dev/crypto.html#classify


-
Denis

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Igniters,



One more usage,we need to mention at Export matrix data:

<<< ++++

JCraft, Inc.

title=Provides encryption SSH library

href=http://www.jcraft.com/jsch/

>>> ++++


One more thing I would like to declare as an open question:

3) Is it possible to setup HTTPs connection to Ignite Rest API?

https://apacheignite.readme.io/docs/rest-api

If it is possible, then we should add

The Eclipse Foundation

title=HTTPs support in Jetty (using SSL)

href=http://www.eclipse.org/jetty/




BTW, detailed information should be included into CRYPTO notice file like
following https://ant.apache.org/ivy/CryptoNotice.html

So please provide as much information as it is possible.


Sincerely,

Dmitriy Pavlov


пн, 17 июн. 2019 г. в 16:35, Dmitriy Pavlov <dp...@apache.org>:

> Thanks, Pavel!
>
> Denis, Pavel, Igniters, please review the following proposal:
>
> - Python, Node JS, ODBC to be declared as OpenSSL usage.
> - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> - SSLContextFactory usage to be declared as JCA/JCE usage.
> - TDE to be declared as JCA/JCE
>
> Export matrix data to be published in ASF-level SVN:
> <<<<<
> Product Name
> Apache Ignite
>
> Versions
> development
> 2.7 and later <Earlier versions-TBD?>
>
> ECCN
> 5D002
>
> Controlled source
> ASF
> title=Designed to use with built-in Java Cryptography Architecture (JCA)
> href=https://gitbox.apache.org/repos/asf?p=ignite.git
>
> Oracle
> title=Designed to use with built-in Java encryption libraries (JCE)
> href=https://www.oracle.com/technetwork/java/javase/downloads/index.html
>
> The OpenSSL Project
> title=Designed to use General Purpose cryptography library included with
> OpenSSL
> href=https://www.openssl.org/source/
>
> Microsoft
> title=Designed to use .NET Framework Cryptography Model
> href=https://dotnet.microsoft.com/download
>  >>>>>>
>
> Open questions:
> 1) Declaring older versions of Ignite.
> 2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
> Foundation? E.g. as follows:
> (controlled by)
> .NET Foundation
> title=Designed to use .NET Framework Cryptography Model
> href=https://dotnetfoundation.org/projects
>
> Should it go instead of Microsoft? Should we mention .NET code in addition
> to Microsoft?
>
> Sincerely,
> Dmitriy Pavlov
>
> пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <pt...@apache.org>:
>
>> Hi Denis,
>>
>> Ignite.NET uses .NET Framework Standard Library for all security and
>> cryptographic related code. There are no dependencies on external
>> libraries.
>>
>> Thanks
>>
>> ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
>>
>> > Igniters,
>> >
>> > Regardless of the fact that Ignite is an open source software, ASF as an
>> > entity based in the U.S. has to comply with certain exporting
>> regulations
>> > [1].
>> >
>> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
>> > projects allowed for export and might need the assistance of some of
>> you.
>> >
>> > Here is a list of cryptographic functions used by Ignite (and provided
>> by
>> > a 3rd party vendor):
>> >
>> >    1. JDK SSL/TLS libraries if a user wishes to enable secured
>> >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
>> >    https://apacheignite.readme.io/docs/ssltls)
>> >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
>> >    transparent data encryption of data on disk (
>> >    https://apacheignite.readme.io/docs/transparent-data-encryption)
>> >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, could
>> >    you check?
>> >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>> >    else?). *Igor Sapego*, could you please check?
>> >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>> >    client contributors*, please facilitate.
>> >    6. Anything else missing from the list? We don't have any custom
>> >    crypto features, right?
>> >
>> > All of these usages/integrations have to comply with the following
>> > checklist [3] before I, as a PMC Chair, submit a notice to Export
>> > Administration Regulations of the U.S.A.
>> >
>> > [1] http://www.apache.org/licenses/exports/
>> > [2] http://www.apache.org/licenses/exports/#matrix
>> > [3] https://www.apache.org/dev/crypto.html#classify
>> >
>> >
>> > -
>> > Denis
>> >
>>
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Hi Igniters,

I've created a new page
https://cwiki.apache.org/confluence/display/IGNITE/Crypto+Notice and added
the last step for the release process - Update ECCN matrix.

Sincerely,
Dmitriy Pavlov

ср, 26 июн. 2019 г. в 14:07, Dmitriy Pavlov <dp...@apache.org>:

> Sure, up to you.
>
> I've committed the readme (it is mandated by the crypto process).
>
> Later I will copy all relevant crypto-notice related information to wiki
> and update release process with extra double-checking step.
>
> ср, 26 июн. 2019 г. в 01:04, Denis Magda <dm...@apache.org>:
>
>> Dmitry, thanks. As for the ordering, the list is not fully ordered. Looks
>> like the projects were added to the end. I would leave it as is for now.
>>
>> -
>> Denis
>>
>>
>> On Tue, Jun 25, 2019 at 5:42 PM Dmitriy Pavlov <dp...@apache.org>
>> wrote:
>>
>> > Denis thank you,
>> >
>> > I see updates in the matrix so I've removed source XMLs from the local
>> > ignite-11932 branch.
>> >
>> > In the matrix in the ASF site, other projects seem to be sorted
>> > alphabetically. Maybe we should place Ignite near Incubator.
>> >
>> > I will commit & update the wiki, but for now, requests to
>> > https://gitbox.apache.org  are timed out from my laptop. I will retry
>> in
>> > 10
>> > hours.
>> >
>> > Sincerely
>> > Dmitriy Pavlov
>> >
>> >
>> > вт, 25 июн. 2019 г. в 23:58, Denis Magda <dm...@gridgain.com>:
>> >
>> > > In addition to that, how about adding an item for Ignite release
>> policy
>> > to
>> > > validate that there are no cryptography related changes?
>> > > http://www.apache.org/licenses/exports/
>> > >
>> > > --
>> > > Denis Magda
>> > >
>> > >
>> > > On Tue, Jun 25, 2019 at 1:54 PM Denis Magda <dm...@apache.org>
>> wrote:
>> > >
>> > > > Dmitry,
>> > > >
>> > > > I've updated the ASF website by including Ignite to the exports
>> matrix
>> > > > [1]. Plus, notified the controlling U.S. entities on the matter.
>> > > >
>> > > > Could you please do one more favor and help to close these two items
>> > > > (flying on a plane and a poor Internet connection makes it
>> impossible
>> > to
>> > > > check them off on my end)?
>> > > >
>> > > >    - Update README.txt in Ignite master with the content prepared
>> > earlier
>> > > >    by you
>> > > >    - Copy content of this doc [2] to Ignite Wiki
>> > > >
>> > > > [1] http://www.apache.org/licenses/exports/
>> > > > [2]
>> > > >
>> > >
>> >
>> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
>> > > >
>> > > > -
>> > > > Denis
>> > > >
>> > > >
>> > > > On Wed, Jun 19, 2019 at 2:47 PM Dmitriy Pavlov <dp...@apache.org>
>> > > wrote:
>> > > >
>> > > >> Pavel replied to me in private: encryption is available since 2.4
>> for
>> > > .Net
>> > > >> thin client.
>> > > >>
>> > > >> I've also modified source XML
>> > > >>
>> > > >>
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
>> > > >>
>> > > >>
>> > > >> чт, 20 июн. 2019 г. в 00:10, Denis Magda <dm...@gridgain.com>:
>> > > >>
>> > > >> > Pavel,
>> > > >> >
>> > > >> > I still have no info related to starting version of .NET
>> encryption
>> > > >> > > support. So I supposed it was 1.5.
>> > > >> >
>> > > >> >
>> > > >> > Could you please help with this last open item?
>> > > >> >
>> > > >> > Dmitry, thanks for the final summary. I'll contact ASF folks
>> trying
>> > to
>> > > >> find
>> > > >> > the ASF website dev instructions.
>> > > >> >
>> > > >> >
>> > > >> > --
>> > > >> > Denis Magda
>> > > >> >
>> > > >> >
>> > > >> > On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <
>> dpavlov@apache.org
>> > >
>> > > >> > wrote:
>> > > >> >
>> > > >> > > Hi Denis,
>> > > >> > >
>> > > >> > > I still have no info related to starting version of .NET
>> > encryption
>> > > >> > > support. So I supposed it was 1.5.
>> > > >> > >
>> > > >> > > I've started both XSTLs and added an example of both XLTs
>> output
>> > to
>> > > >> > google
>> > > >> > > doc tabs. One transformer is for email template generation
>> > (requires
>> > > >> > > project name), another is for the site table.
>> > > >> > >
>> > > >> > > Only one TODO now left in the PR version of the update. All
>> other
>> > > >> stuff
>> > > >> > is
>> > > >> > > ready for publishing:
>> > > >> > >
>> > > >> > >
>> > > >> >
>> > > >>
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
>> > > >> > >
>> > > >> > > Sincerely,
>> > > >> > > Dmitriy Pavlov
>> > > >> > >
>> > > >> > > P.S. I'm not sure that dev. the list will keep formatting, but
>> > > anyway
>> > > >> > here
>> > > >> > > is transformer output example as text.
>> > > >> > >
>> > > >> > > Apache Ignite Project
>> > > >> > > Product Name Versions ECCN
>> > > >> > > Controlled Source
>> > > >> > > Apache Ignite development 5D002
>> > > >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation,
>> > > JCraft,
>> > > >> > Inc.,
>> > > >> > > The Eclipse Foundation
>> > > >> > > 2.5.0 - latest 5D002
>> > > >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation,
>> > > JCraft,
>> > > >> > Inc.,
>> > > >> > > The Eclipse Foundation
>> > > >> > > 1.5.0.final - 2.4.0 5D002
>> > > >> > > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The
>> Eclipse
>> > > >> > > Foundation
>> > > >> > > 1.0.0 - 1.5.0-b1 5D002
>> > > >> > > ASF, Oracle, JCraft, Inc., The Eclipse Foundation
>> > > >> > >
>> > > >> > > ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <
>> dpavlov@apache.org>:
>> > > >> > >
>> > > >> > > > Igniters,
>> > > >> > > >
>> > > >> > > > as for older versions, I've started to collect information of
>> > > crypto
>> > > >> > > > providers usages in older versions, please help me to
>> finalize
>> > > this
>> > > >> doc
>> > > >> > > so
>> > > >> > > > I could prepare a declaration of older versions.
>> > > >> > > >
>> > > >> > > >
>> > > >> > > >
>> > > >> > >
>> > > >> >
>> > > >>
>> > >
>> >
>> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
>> > > >> > > >
>> > > >> > > > I'm not sure if the time of Incubation counts, but, anyway,
>> let'
>> > > >> > collect
>> > > >> > > > information about the history of modules.
>> > > >> > > >
>> > > >> > > > Sincerely,
>> > > >> > > > Dmitriy Pavlov
>> > > >> > > >
>> > > >> > > > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <
>> dpavlov@apache.org
>> > >:
>> > > >> > > >
>> > > >> > > >> Hi Denis,
>> > > >> > > >>
>> > > >> > > >> Build process seems to be mentioned only here
>> > > >> > > >> https://www.apache.org/dev/crypto.html#sources It also
>> > mentions
>> > > >> some
>> > > >> > > >> bisnotice XSLT transformation, which is available at SVN
>> here
>> > > >> > > >>
>> > > >> > >
>> > > >> >
>> > > >>
>> > >
>> >
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
>> > > >> > > >>
>> > > >> > > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl
>> > from
>> > > >> > > >>
>> > > >> > >
>> > > >> >
>> > > >>
>> > >
>> >
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
>> > > >> > > >> is more appropriate. I will test it locally.
>> > > >> > > >>
>> > > >> > > >> The only thing I've found for now is the following scripts
>> at
>> > the
>> > > >> root
>> > > >> > > of
>> > > >> > > >> SVN here
>> > > >> https://svn.apache.org/repos/asf/infrastructure/site/trunk/
>> > > >> > > >> bisnotice.cmd
>> > > >> > > >> bisnotice.sh
>> > > >> > > >>
>> > > >> > > >> Sincerely,
>> > > >> > > >> Dmitriy Pavlov
>> > > >> > > >>
>> > > >> > > >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dmagda@apache.org
>> >:
>> > > >> > > >>
>> > > >> > > >>> Dmitriy,
>> > > >> > > >>>
>> > > >> > > >>> I think that it's required to enlist all of the publicly
>> > > released
>> > > >> > > Ignite
>> > > >> > > >>> versions (available for download from the website). It
>> means
>> > > that
>> > > >> the
>> > > >> > > XML
>> > > >> > > >>> should have the following controlled sources grouped by
>> Ignite
>> > > >> > > versions'
>> > > >> > > >>> ranges.
>> > > >> > > >>>
>> > > >> > > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The
>> Eclipse
>> > > >> > > Foundation
>> > > >> > > >>>    - Ignite 1.5.0 and later: all of the controller versions
>> > > >> listed by
>> > > >> > > >>> you.
>> > > >> > > >>>
>> > > >> > > >>> Not sure about JCraft only. What was the first Ignite
>> version
>> > > the
>> > > >> lib
>> > > >> > > was
>> > > >> > > >>> added to?
>> > > >> > > >>>
>> > > >> > > >>> As for .NET versions declarations, I'm for the way it
>> handled
>> > > >> right
>> > > >> > now
>> > > >> > > >>> by
>> > > >> > > >>> you. Btw, do you know where ASF explains the website build
>> > > >> process?
>> > > >> > > >>> Failed
>> > > >> > > >>> to find it, it's not enough just to update the XML.
>> > > >> > > >>>
>> > > >> > > >>> Finally, looping in Garrett who can help with the editorial
>> > > >> review.
>> > > >> > > >>> Garrett, could you please review README.txt from this
>> > > >> pull-request?
>> > > >> > > >>>
>> > > >> > > >>>
>> > > >> > >
>> > > >> >
>> > > >>
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>> > > >> > > >>>
>> > > >> > > >>>
>> > > >> > > >>> -
>> > > >> > > >>> Denis
>> > > >> > > >>>
>> > > >> > > >>>
>> > > >> > > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <
>> > > >> dpavlov@apache.org>
>> > > >> > > >>> wrote:
>> > > >> > > >>>
>> > > >> > > >>> > Igniters,
>> > > >> > > >>> >
>> > > >> > > >>> > please review crypto notice in
>> > > >> > > >>> >
>> > > >> > > >>> >
>> > > >> > > >>>
>> > > >> > >
>> > > >> >
>> > > >>
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>> > > >> > > >>> >
>> > > >> > > >>> > Only 2 open questions: about declaring released versions,
>> > and
>> > > >> about
>> > > >> > > >>> > declaring .NET versions (.NET Core & . NET Classic). By
>> > > >> default, I
>> > > >> > > >>> propose
>> > > >> > > >>> > to keep both.
>> > > >> > > >>> >
>> > > >> > > >>> > Sincerely,
>> > > >> > > >>> > Dmitriy Pavlov
>> > > >> > > >>> >
>> > > >> > > >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <
>> > > dpavlov@apache.org
>> > > >> >:
>> > > >> > > >>> >
>> > > >> > > >>> > > Pavel,
>> > > >> > > >>> > >
>> > > >> > > >>> > > we need to follow the process from
>> > > >> > > >>> > > https://www.apache.org/dev/crypto.html#classify
>> > > >> > > >>> > >
>> > > >> > > >>> > > Please see similar products in the draft export matrix,
>> > > >> > > >>> > >
>> > > >> > > >>> > >
>> > > >> > > >>> >
>> > > >> > > >>>
>> > > >> > >
>> > > >> >
>> > > >>
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
>> > > >> > > >>> > >
>> > > >> > > >>> > >
>> > > >> > > >>> > > We don't ship JDK, but we designed our product to use a
>> > > >> > > cryptographic
>> > > >> > > >>> > > feature from this 3rd party product, so we need to
>> follow
>> > > this
>> > > >> > > >>> process
>> > > >> > > >>> > and
>> > > >> > > >>> > > provide matrix update, add CRYPTO notice (I'll draft
>> it).
>> > > >> > > >>> > >
>> > > >> > > >>> > > Other products don't declare all possible JDKs -
>> > > >> > > >>> > > http://www.apache.org/licenses/exports/#matrix So,
>> > > probably,
>> > > >> one
>> > > >> > > >>> > > declaration of .NET classic (Microsoft) would be
>> enough.
>> > > >> > > >>> > >
>> > > >> > > >>> > > Sincerely,
>> > > >> > > >>> > > Dmitriy Pavlov
>> > > >> > > >>> > >
>> > > >> > > >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <
>> > > >> > ptupitsyn@apache.org
>> > > >> > > >:
>> > > >> > > >>> > >
>> > > >> > > >>> > >> >>Should it go instead of Microsoft? Should we mention
>> > .NET
>> > > >> code
>> > > >> > > in
>> > > >> > > >>> > >> addition
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> >>to Microsoft?
>> > > >> > > >>> > >>
>> > > >> > > >>> > >>
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> >Yes, I think we can do this. Ignite targets both of
>> the
>> > > >> them.
>> > > >> > And
>> > > >> > > >>> .NET
>> > > >> > > >>> > >> Core uses it’s own implementation of standard class
>> > > >> library[1]
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> >Pavel may correct me.
>> > > >> > > >>> > >>
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> We use crypto APIs from standard class library. We
>> ship
>> > our
>> > > >> > > >>> binaries,
>> > > >> > > >>> > but
>> > > >> > > >>> > >> we don't ship the framework binaries.
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> Our binaries can be executed with .NET Core
>> (open-source,
>> > > MIT
>> > > >> > > >>> license),
>> > > >> > > >>> > >> Mono (open-source, MIT license), and .NET Classic (old
>> > > >> > framework,
>> > > >> > > >>> > >> Windows-only, Microsoft license).
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> I'm still not sure what is the question we are trying
>> to
>> > > >> answer,
>> > > >> > > >>> though.
>> > > >> > > >>> > >>
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> Thanks,
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> Pavel
>> > > >> > > >>> > >>
>> > > >> > > >>> > >>
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
>> > > >> > > lexwert@gmail.com
>> > > >> > > >>> >
>> > > >> > > >>> > >> wrote:
>> > > >> > > >>> > >>
>> > > >> > > >>> > >> > >1) Declaring older versions of Ignite.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >2) Is it correct to mention that Ignite uses .NET
>> core
>> > > >> > > >>> controlled by
>> > > >> > > >>> > >> .NET
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >Foundation? E.g. as follows:
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >(controlled by)
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >.NET Foundation
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >title=Designed to use .NET Framework Cryptography
>> > Model
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >href=https://dotnetfoundation.org/projects
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >Should it go instead of Microsoft? Should we
>> mention
>> > > .NET
>> > > >> > code
>> > > >> > > in
>> > > >> > > >>> > >> addition
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >to Microsoft?
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Yes, I think we can do this. Ignite targets both of
>> the
>> > > >> them.
>> > > >> > > And
>> > > >> > > >>> .NET
>> > > >> > > >>> > >> > Core uses it’s own implementation of standard class
>> > > >> library[1]
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Pavel may correct me.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > [1] https://github.com/dotnet/corefx
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
>> > > >> > > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
>> > > >> > > >>> > >> > *To: *dev <de...@ignite.apache.org>
>> > > >> > > >>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego
>> <
>> > > >> > > >>> > isapego@apache.org>;
>> > > >> > > >>> > >> Pavel
>> > > >> > > >>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
>> > > >> > > >>> nizhikov@apache.org>
>> > > >> > > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond
>> the
>> > > >> U.S.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Thanks, Pavel!
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Denis, Pavel, Igniters, please review the following
>> > > >> proposal:
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL
>> > usage.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > - AWS-S3 client-side encryption to be declared as
>> > JCA/JCE
>> > > >> > usage.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE
>> > > usage.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > - TDE to be declared as JCA/JCE
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Export matrix data to be published in ASF-level SVN:
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > <<<<<
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Product Name
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Apache Ignite
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Versions
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > development
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > 2.7 and later <Earlier versions-TBD?>
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > ECCN
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > 5D002
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Controlled source
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > ASF
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > title=Designed to use with built-in Java
>> Cryptography
>> > > >> > > Architecture
>> > > >> > > >>> > (JCA)
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > href=
>> https://gitbox.apache.org/repos/asf?p=ignite.git
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Oracle
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > title=Designed to use with built-in Java encryption
>> > > >> libraries
>> > > >> > > >>> (JCE)
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > href=
>> > > >> > > >>> > >>
>> > > >> > >
>> > https://www.oracle.com/technetwork/java/javase/downloads/index.html
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > The OpenSSL Project
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > title=Designed to use General Purpose cryptography
>> > > library
>> > > >> > > >>> included
>> > > >> > > >>> > with
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > OpenSSL
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > href=https://www.openssl.org/source/
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Microsoft
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > title=Designed to use .NET Framework Cryptography
>> Model
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > href=https://dotnet.microsoft.com/download
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >>>>>>
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Open questions:
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > 1) Declaring older versions of Ignite.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > 2) Is it correct to mention that Ignite uses .NET
>> core
>> > > >> > > controlled
>> > > >> > > >>> by
>> > > >> > > >>> > >> .NET
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Foundation? E.g. as follows:
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > (controlled by)
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > .NET Foundation
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > title=Designed to use .NET Framework Cryptography
>> Model
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > href=https://dotnetfoundation.org/projects
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Should it go instead of Microsoft? Should we mention
>> > .NET
>> > > >> code
>> > > >> > > in
>> > > >> > > >>> > >> addition
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > to Microsoft?
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Sincerely,
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > Dmitriy Pavlov
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <
>> > > >> > > ptupitsyn@apache.org
>> > > >> > > >>> >:
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > Hi Denis,
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > Ignite.NET uses .NET Framework Standard Library
>> for
>> > all
>> > > >> > > >>> security and
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > cryptographic related code. There are no
>> dependencies
>> > > on
>> > > >> > > >>> external
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > libraries.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > Thanks
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <
>> > > >> dmagda@apache.org>:
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > Igniters,
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > Regardless of the fact that Ignite is an open
>> > source
>> > > >> > > >>> software, ASF
>> > > >> > > >>> > >> as
>> > > >> > > >>> > >> > an
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > entity based in the U.S. has to comply with
>> certain
>> > > >> > > exporting
>> > > >> > > >>> > >> > regulations
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > [1].
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > Dmitry Pavlov and I are working on adding
>> Ignite to
>> > > the
>> > > >> > > table
>> > > >> > > >>> [2]
>> > > >> > > >>> > of
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > projects allowed for export and might need the
>> > > >> assistance
>> > > >> > of
>> > > >> > > >>> some
>> > > >> > > >>> > of
>> > > >> > > >>> > >> > you.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > Here is a list of cryptographic functions used
>> by
>> > > >> Ignite
>> > > >> > > (and
>> > > >> > > >>> > >> provided
>> > > >> > > >>> > >> > by
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > a 3rd party vendor):
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to
>> > > enable
>> > > >> > > secured
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    connectivity between cluster nodes.
>> > Manufacturer -
>> > > >> > > >>> > >> Oracle/OpenJDK (
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from
>> the
>> > > Java
>> > > >> > > >>> libraries
>> > > >> > > >>> > >> for
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    transparent data encryption of data on disk (
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> >
>> > > https://apacheignite.readme.io/docs/transparent-data-encryption
>> > > >> )
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    3. Libraries/vendors for .NET nodes
>> security?*
>> > > Pavel
>> > > >> > > >>> Tupitsyn*,
>> > > >> > > >>> > >> > could
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    you check?
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    4. Libraries/vendors for C++ clients security
>> > > (SSL,
>> > > >> > TLS,
>> > > >> > > >>> > anything
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    else?). *Igor Sapego*, could you please
>> check?
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS
>> > > >> SSL/TLS?
>> > > >> > > >>> *Dear
>> > > >> > > >>> > thin
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    client contributors*, please facilitate.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    6. Anything else missing from the list? We
>> don't
>> > > >> have
>> > > >> > any
>> > > >> > > >>> > custom
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >    crypto features, right?
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > All of these usages/integrations have to comply
>> > with
>> > > >> the
>> > > >> > > >>> following
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a
>> > > >> notice to
>> > > >> > > >>> Export
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > Administration Regulations of the U.S.A.
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > [2]
>> http://www.apache.org/licenses/exports/#matrix
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > [3]
>> > https://www.apache.org/dev/crypto.html#classify
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > -
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > > Denis
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> > >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >> >
>> > > >> > > >>> > >>
>> > > >> > > >>> > >
>> > > >> > > >>> >
>> > > >> > > >>>
>> > > >> > > >>
>> > > >> > >
>> > > >> >
>> > > >>
>> > > >
>> > >
>> >
>>
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Sure, up to you.

I've committed the readme (it is mandated by the crypto process).

Later I will copy all relevant crypto-notice related information to wiki
and update release process with extra double-checking step.

ср, 26 июн. 2019 г. в 01:04, Denis Magda <dm...@apache.org>:

> Dmitry, thanks. As for the ordering, the list is not fully ordered. Looks
> like the projects were added to the end. I would leave it as is for now.
>
> -
> Denis
>
>
> On Tue, Jun 25, 2019 at 5:42 PM Dmitriy Pavlov <dp...@apache.org> wrote:
>
> > Denis thank you,
> >
> > I see updates in the matrix so I've removed source XMLs from the local
> > ignite-11932 branch.
> >
> > In the matrix in the ASF site, other projects seem to be sorted
> > alphabetically. Maybe we should place Ignite near Incubator.
> >
> > I will commit & update the wiki, but for now, requests to
> > https://gitbox.apache.org  are timed out from my laptop. I will retry in
> > 10
> > hours.
> >
> > Sincerely
> > Dmitriy Pavlov
> >
> >
> > вт, 25 июн. 2019 г. в 23:58, Denis Magda <dm...@gridgain.com>:
> >
> > > In addition to that, how about adding an item for Ignite release policy
> > to
> > > validate that there are no cryptography related changes?
> > > http://www.apache.org/licenses/exports/
> > >
> > > --
> > > Denis Magda
> > >
> > >
> > > On Tue, Jun 25, 2019 at 1:54 PM Denis Magda <dm...@apache.org> wrote:
> > >
> > > > Dmitry,
> > > >
> > > > I've updated the ASF website by including Ignite to the exports
> matrix
> > > > [1]. Plus, notified the controlling U.S. entities on the matter.
> > > >
> > > > Could you please do one more favor and help to close these two items
> > > > (flying on a plane and a poor Internet connection makes it impossible
> > to
> > > > check them off on my end)?
> > > >
> > > >    - Update README.txt in Ignite master with the content prepared
> > earlier
> > > >    by you
> > > >    - Copy content of this doc [2] to Ignite Wiki
> > > >
> > > > [1] http://www.apache.org/licenses/exports/
> > > > [2]
> > > >
> > >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> > > >
> > > > -
> > > > Denis
> > > >
> > > >
> > > > On Wed, Jun 19, 2019 at 2:47 PM Dmitriy Pavlov <dp...@apache.org>
> > > wrote:
> > > >
> > > >> Pavel replied to me in private: encryption is available since 2.4
> for
> > > .Net
> > > >> thin client.
> > > >>
> > > >> I've also modified source XML
> > > >>
> > > >>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> > > >>
> > > >>
> > > >> чт, 20 июн. 2019 г. в 00:10, Denis Magda <dm...@gridgain.com>:
> > > >>
> > > >> > Pavel,
> > > >> >
> > > >> > I still have no info related to starting version of .NET
> encryption
> > > >> > > support. So I supposed it was 1.5.
> > > >> >
> > > >> >
> > > >> > Could you please help with this last open item?
> > > >> >
> > > >> > Dmitry, thanks for the final summary. I'll contact ASF folks
> trying
> > to
> > > >> find
> > > >> > the ASF website dev instructions.
> > > >> >
> > > >> >
> > > >> > --
> > > >> > Denis Magda
> > > >> >
> > > >> >
> > > >> > On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <
> dpavlov@apache.org
> > >
> > > >> > wrote:
> > > >> >
> > > >> > > Hi Denis,
> > > >> > >
> > > >> > > I still have no info related to starting version of .NET
> > encryption
> > > >> > > support. So I supposed it was 1.5.
> > > >> > >
> > > >> > > I've started both XSTLs and added an example of both XLTs output
> > to
> > > >> > google
> > > >> > > doc tabs. One transformer is for email template generation
> > (requires
> > > >> > > project name), another is for the site table.
> > > >> > >
> > > >> > > Only one TODO now left in the PR version of the update. All
> other
> > > >> stuff
> > > >> > is
> > > >> > > ready for publishing:
> > > >> > >
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> > > >> > >
> > > >> > > Sincerely,
> > > >> > > Dmitriy Pavlov
> > > >> > >
> > > >> > > P.S. I'm not sure that dev. the list will keep formatting, but
> > > anyway
> > > >> > here
> > > >> > > is transformer output example as text.
> > > >> > >
> > > >> > > Apache Ignite Project
> > > >> > > Product Name Versions ECCN
> > > >> > > Controlled Source
> > > >> > > Apache Ignite development 5D002
> > > >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation,
> > > JCraft,
> > > >> > Inc.,
> > > >> > > The Eclipse Foundation
> > > >> > > 2.5.0 - latest 5D002
> > > >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation,
> > > JCraft,
> > > >> > Inc.,
> > > >> > > The Eclipse Foundation
> > > >> > > 1.5.0.final - 2.4.0 5D002
> > > >> > > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The
> Eclipse
> > > >> > > Foundation
> > > >> > > 1.0.0 - 1.5.0-b1 5D002
> > > >> > > ASF, Oracle, JCraft, Inc., The Eclipse Foundation
> > > >> > >
> > > >> > > ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dpavlov@apache.org
> >:
> > > >> > >
> > > >> > > > Igniters,
> > > >> > > >
> > > >> > > > as for older versions, I've started to collect information of
> > > crypto
> > > >> > > > providers usages in older versions, please help me to finalize
> > > this
> > > >> doc
> > > >> > > so
> > > >> > > > I could prepare a declaration of older versions.
> > > >> > > >
> > > >> > > >
> > > >> > > >
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> > > >> > > >
> > > >> > > > I'm not sure if the time of Incubation counts, but, anyway,
> let'
> > > >> > collect
> > > >> > > > information about the history of modules.
> > > >> > > >
> > > >> > > > Sincerely,
> > > >> > > > Dmitriy Pavlov
> > > >> > > >
> > > >> > > > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <
> dpavlov@apache.org
> > >:
> > > >> > > >
> > > >> > > >> Hi Denis,
> > > >> > > >>
> > > >> > > >> Build process seems to be mentioned only here
> > > >> > > >> https://www.apache.org/dev/crypto.html#sources It also
> > mentions
> > > >> some
> > > >> > > >> bisnotice XSLT transformation, which is available at SVN here
> > > >> > > >>
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> > > >> > > >>
> > > >> > > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl
> > from
> > > >> > > >>
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> > > >> > > >> is more appropriate. I will test it locally.
> > > >> > > >>
> > > >> > > >> The only thing I've found for now is the following scripts at
> > the
> > > >> root
> > > >> > > of
> > > >> > > >> SVN here
> > > >> https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> > > >> > > >> bisnotice.cmd
> > > >> > > >> bisnotice.sh
> > > >> > > >>
> > > >> > > >> Sincerely,
> > > >> > > >> Dmitriy Pavlov
> > > >> > > >>
> > > >> > > >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dmagda@apache.org
> >:
> > > >> > > >>
> > > >> > > >>> Dmitriy,
> > > >> > > >>>
> > > >> > > >>> I think that it's required to enlist all of the publicly
> > > released
> > > >> > > Ignite
> > > >> > > >>> versions (available for download from the website). It means
> > > that
> > > >> the
> > > >> > > XML
> > > >> > > >>> should have the following controlled sources grouped by
> Ignite
> > > >> > > versions'
> > > >> > > >>> ranges.
> > > >> > > >>>
> > > >> > > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The
> Eclipse
> > > >> > > Foundation
> > > >> > > >>>    - Ignite 1.5.0 and later: all of the controller versions
> > > >> listed by
> > > >> > > >>> you.
> > > >> > > >>>
> > > >> > > >>> Not sure about JCraft only. What was the first Ignite
> version
> > > the
> > > >> lib
> > > >> > > was
> > > >> > > >>> added to?
> > > >> > > >>>
> > > >> > > >>> As for .NET versions declarations, I'm for the way it
> handled
> > > >> right
> > > >> > now
> > > >> > > >>> by
> > > >> > > >>> you. Btw, do you know where ASF explains the website build
> > > >> process?
> > > >> > > >>> Failed
> > > >> > > >>> to find it, it's not enough just to update the XML.
> > > >> > > >>>
> > > >> > > >>> Finally, looping in Garrett who can help with the editorial
> > > >> review.
> > > >> > > >>> Garrett, could you please review README.txt from this
> > > >> pull-request?
> > > >> > > >>>
> > > >> > > >>>
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > > >> > > >>>
> > > >> > > >>>
> > > >> > > >>> -
> > > >> > > >>> Denis
> > > >> > > >>>
> > > >> > > >>>
> > > >> > > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <
> > > >> dpavlov@apache.org>
> > > >> > > >>> wrote:
> > > >> > > >>>
> > > >> > > >>> > Igniters,
> > > >> > > >>> >
> > > >> > > >>> > please review crypto notice in
> > > >> > > >>> >
> > > >> > > >>> >
> > > >> > > >>>
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > > >> > > >>> >
> > > >> > > >>> > Only 2 open questions: about declaring released versions,
> > and
> > > >> about
> > > >> > > >>> > declaring .NET versions (.NET Core & . NET Classic). By
> > > >> default, I
> > > >> > > >>> propose
> > > >> > > >>> > to keep both.
> > > >> > > >>> >
> > > >> > > >>> > Sincerely,
> > > >> > > >>> > Dmitriy Pavlov
> > > >> > > >>> >
> > > >> > > >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <
> > > dpavlov@apache.org
> > > >> >:
> > > >> > > >>> >
> > > >> > > >>> > > Pavel,
> > > >> > > >>> > >
> > > >> > > >>> > > we need to follow the process from
> > > >> > > >>> > > https://www.apache.org/dev/crypto.html#classify
> > > >> > > >>> > >
> > > >> > > >>> > > Please see similar products in the draft export matrix,
> > > >> > > >>> > >
> > > >> > > >>> > >
> > > >> > > >>> >
> > > >> > > >>>
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > > >> > > >>> > >
> > > >> > > >>> > >
> > > >> > > >>> > > We don't ship JDK, but we designed our product to use a
> > > >> > > cryptographic
> > > >> > > >>> > > feature from this 3rd party product, so we need to
> follow
> > > this
> > > >> > > >>> process
> > > >> > > >>> > and
> > > >> > > >>> > > provide matrix update, add CRYPTO notice (I'll draft
> it).
> > > >> > > >>> > >
> > > >> > > >>> > > Other products don't declare all possible JDKs -
> > > >> > > >>> > > http://www.apache.org/licenses/exports/#matrix So,
> > > probably,
> > > >> one
> > > >> > > >>> > > declaration of .NET classic (Microsoft) would be enough.
> > > >> > > >>> > >
> > > >> > > >>> > > Sincerely,
> > > >> > > >>> > > Dmitriy Pavlov
> > > >> > > >>> > >
> > > >> > > >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <
> > > >> > ptupitsyn@apache.org
> > > >> > > >:
> > > >> > > >>> > >
> > > >> > > >>> > >> >>Should it go instead of Microsoft? Should we mention
> > .NET
> > > >> code
> > > >> > > in
> > > >> > > >>> > >> addition
> > > >> > > >>> > >>
> > > >> > > >>> > >> >>to Microsoft?
> > > >> > > >>> > >>
> > > >> > > >>> > >>
> > > >> > > >>> > >>
> > > >> > > >>> > >> >Yes, I think we can do this. Ignite targets both of
> the
> > > >> them.
> > > >> > And
> > > >> > > >>> .NET
> > > >> > > >>> > >> Core uses it’s own implementation of standard class
> > > >> library[1]
> > > >> > > >>> > >>
> > > >> > > >>> > >> >Pavel may correct me.
> > > >> > > >>> > >>
> > > >> > > >>> > >>
> > > >> > > >>> > >> We use crypto APIs from standard class library. We ship
> > our
> > > >> > > >>> binaries,
> > > >> > > >>> > but
> > > >> > > >>> > >> we don't ship the framework binaries.
> > > >> > > >>> > >>
> > > >> > > >>> > >> Our binaries can be executed with .NET Core
> (open-source,
> > > MIT
> > > >> > > >>> license),
> > > >> > > >>> > >> Mono (open-source, MIT license), and .NET Classic (old
> > > >> > framework,
> > > >> > > >>> > >> Windows-only, Microsoft license).
> > > >> > > >>> > >>
> > > >> > > >>> > >> I'm still not sure what is the question we are trying
> to
> > > >> answer,
> > > >> > > >>> though.
> > > >> > > >>> > >>
> > > >> > > >>> > >>
> > > >> > > >>> > >> Thanks,
> > > >> > > >>> > >>
> > > >> > > >>> > >> Pavel
> > > >> > > >>> > >>
> > > >> > > >>> > >>
> > > >> > > >>> > >>
> > > >> > > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
> > > >> > > lexwert@gmail.com
> > > >> > > >>> >
> > > >> > > >>> > >> wrote:
> > > >> > > >>> > >>
> > > >> > > >>> > >> > >1) Declaring older versions of Ignite.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >2) Is it correct to mention that Ignite uses .NET
> core
> > > >> > > >>> controlled by
> > > >> > > >>> > >> .NET
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >Foundation? E.g. as follows:
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >(controlled by)
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >.NET Foundation
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >title=Designed to use .NET Framework Cryptography
> > Model
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >href=https://dotnetfoundation.org/projects
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >Should it go instead of Microsoft? Should we mention
> > > .NET
> > > >> > code
> > > >> > > in
> > > >> > > >>> > >> addition
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >to Microsoft?
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Yes, I think we can do this. Ignite targets both of
> the
> > > >> them.
> > > >> > > And
> > > >> > > >>> .NET
> > > >> > > >>> > >> > Core uses it’s own implementation of standard class
> > > >> library[1]
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Pavel may correct me.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > [1] https://github.com/dotnet/corefx
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
> > > >> > > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > > >> > > >>> > >> > *To: *dev <de...@ignite.apache.org>
> > > >> > > >>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
> > > >> > > >>> > isapego@apache.org>;
> > > >> > > >>> > >> Pavel
> > > >> > > >>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
> > > >> > > >>> nizhikov@apache.org>
> > > >> > > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond
> the
> > > >> U.S.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Thanks, Pavel!
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Denis, Pavel, Igniters, please review the following
> > > >> proposal:
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL
> > usage.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > - AWS-S3 client-side encryption to be declared as
> > JCA/JCE
> > > >> > usage.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE
> > > usage.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > - TDE to be declared as JCA/JCE
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Export matrix data to be published in ASF-level SVN:
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > <<<<<
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Product Name
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Apache Ignite
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Versions
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > development
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > 2.7 and later <Earlier versions-TBD?>
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > ECCN
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > 5D002
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Controlled source
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > ASF
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > title=Designed to use with built-in Java Cryptography
> > > >> > > Architecture
> > > >> > > >>> > (JCA)
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > href=
> https://gitbox.apache.org/repos/asf?p=ignite.git
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Oracle
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > title=Designed to use with built-in Java encryption
> > > >> libraries
> > > >> > > >>> (JCE)
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > href=
> > > >> > > >>> > >>
> > > >> > >
> > https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > The OpenSSL Project
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > title=Designed to use General Purpose cryptography
> > > library
> > > >> > > >>> included
> > > >> > > >>> > with
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > OpenSSL
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > href=https://www.openssl.org/source/
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Microsoft
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > title=Designed to use .NET Framework Cryptography
> Model
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > href=https://dotnet.microsoft.com/download
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >>>>>>
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Open questions:
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > 1) Declaring older versions of Ignite.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > 2) Is it correct to mention that Ignite uses .NET
> core
> > > >> > > controlled
> > > >> > > >>> by
> > > >> > > >>> > >> .NET
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Foundation? E.g. as follows:
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > (controlled by)
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > .NET Foundation
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > title=Designed to use .NET Framework Cryptography
> Model
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > href=https://dotnetfoundation.org/projects
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Should it go instead of Microsoft? Should we mention
> > .NET
> > > >> code
> > > >> > > in
> > > >> > > >>> > >> addition
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > to Microsoft?
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Sincerely,
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > Dmitriy Pavlov
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <
> > > >> > > ptupitsyn@apache.org
> > > >> > > >>> >:
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > Hi Denis,
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for
> > all
> > > >> > > >>> security and
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > cryptographic related code. There are no
> dependencies
> > > on
> > > >> > > >>> external
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > libraries.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > Thanks
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <
> > > >> dmagda@apache.org>:
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > Igniters,
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > Regardless of the fact that Ignite is an open
> > source
> > > >> > > >>> software, ASF
> > > >> > > >>> > >> as
> > > >> > > >>> > >> > an
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > entity based in the U.S. has to comply with
> certain
> > > >> > > exporting
> > > >> > > >>> > >> > regulations
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > [1].
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite
> to
> > > the
> > > >> > > table
> > > >> > > >>> [2]
> > > >> > > >>> > of
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > projects allowed for export and might need the
> > > >> assistance
> > > >> > of
> > > >> > > >>> some
> > > >> > > >>> > of
> > > >> > > >>> > >> > you.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > Here is a list of cryptographic functions used by
> > > >> Ignite
> > > >> > > (and
> > > >> > > >>> > >> provided
> > > >> > > >>> > >> > by
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > a 3rd party vendor):
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to
> > > enable
> > > >> > > secured
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    connectivity between cluster nodes.
> > Manufacturer -
> > > >> > > >>> > >> Oracle/OpenJDK (
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from
> the
> > > Java
> > > >> > > >>> libraries
> > > >> > > >>> > >> for
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    transparent data encryption of data on disk (
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> >
> > > https://apacheignite.readme.io/docs/transparent-data-encryption
> > > >> )
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    3. Libraries/vendors for .NET nodes security?*
> > > Pavel
> > > >> > > >>> Tupitsyn*,
> > > >> > > >>> > >> > could
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    you check?
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    4. Libraries/vendors for C++ clients security
> > > (SSL,
> > > >> > TLS,
> > > >> > > >>> > anything
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    else?). *Igor Sapego*, could you please check?
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS
> > > >> SSL/TLS?
> > > >> > > >>> *Dear
> > > >> > > >>> > thin
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    client contributors*, please facilitate.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    6. Anything else missing from the list? We
> don't
> > > >> have
> > > >> > any
> > > >> > > >>> > custom
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >    crypto features, right?
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > All of these usages/integrations have to comply
> > with
> > > >> the
> > > >> > > >>> following
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a
> > > >> notice to
> > > >> > > >>> Export
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > Administration Regulations of the U.S.A.
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > [2]
> http://www.apache.org/licenses/exports/#matrix
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > [3]
> > https://www.apache.org/dev/crypto.html#classify
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > -
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > > Denis
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> > >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >> >
> > > >> > > >>> > >>
> > > >> > > >>> > >
> > > >> > > >>> >
> > > >> > > >>>
> > > >> > > >>
> > > >> > >
> > > >> >
> > > >>
> > > >
> > >
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Denis Magda <dm...@apache.org>]

Dmitry, thanks. As for the ordering, the list is not fully ordered. Looks
like the projects were added to the end. I would leave it as is for now.

-
Denis


On Tue, Jun 25, 2019 at 5:42 PM Dmitriy Pavlov <dp...@apache.org> wrote:

> Denis thank you,
>
> I see updates in the matrix so I've removed source XMLs from the local
> ignite-11932 branch.
>
> In the matrix in the ASF site, other projects seem to be sorted
> alphabetically. Maybe we should place Ignite near Incubator.
>
> I will commit & update the wiki, but for now, requests to
> https://gitbox.apache.org  are timed out from my laptop. I will retry in
> 10
> hours.
>
> Sincerely
> Dmitriy Pavlov
>
>
> вт, 25 июн. 2019 г. в 23:58, Denis Magda <dm...@gridgain.com>:
>
> > In addition to that, how about adding an item for Ignite release policy
> to
> > validate that there are no cryptography related changes?
> > http://www.apache.org/licenses/exports/
> >
> > --
> > Denis Magda
> >
> >
> > On Tue, Jun 25, 2019 at 1:54 PM Denis Magda <dm...@apache.org> wrote:
> >
> > > Dmitry,
> > >
> > > I've updated the ASF website by including Ignite to the exports matrix
> > > [1]. Plus, notified the controlling U.S. entities on the matter.
> > >
> > > Could you please do one more favor and help to close these two items
> > > (flying on a plane and a poor Internet connection makes it impossible
> to
> > > check them off on my end)?
> > >
> > >    - Update README.txt in Ignite master with the content prepared
> earlier
> > >    by you
> > >    - Copy content of this doc [2] to Ignite Wiki
> > >
> > > [1] http://www.apache.org/licenses/exports/
> > > [2]
> > >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> > >
> > > -
> > > Denis
> > >
> > >
> > > On Wed, Jun 19, 2019 at 2:47 PM Dmitriy Pavlov <dp...@apache.org>
> > wrote:
> > >
> > >> Pavel replied to me in private: encryption is available since 2.4 for
> > .Net
> > >> thin client.
> > >>
> > >> I've also modified source XML
> > >>
> > >>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> > >>
> > >>
> > >> чт, 20 июн. 2019 г. в 00:10, Denis Magda <dm...@gridgain.com>:
> > >>
> > >> > Pavel,
> > >> >
> > >> > I still have no info related to starting version of .NET encryption
> > >> > > support. So I supposed it was 1.5.
> > >> >
> > >> >
> > >> > Could you please help with this last open item?
> > >> >
> > >> > Dmitry, thanks for the final summary. I'll contact ASF folks trying
> to
> > >> find
> > >> > the ASF website dev instructions.
> > >> >
> > >> >
> > >> > --
> > >> > Denis Magda
> > >> >
> > >> >
> > >> > On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <dpavlov@apache.org
> >
> > >> > wrote:
> > >> >
> > >> > > Hi Denis,
> > >> > >
> > >> > > I still have no info related to starting version of .NET
> encryption
> > >> > > support. So I supposed it was 1.5.
> > >> > >
> > >> > > I've started both XSTLs and added an example of both XLTs output
> to
> > >> > google
> > >> > > doc tabs. One transformer is for email template generation
> (requires
> > >> > > project name), another is for the site table.
> > >> > >
> > >> > > Only one TODO now left in the PR version of the update. All other
> > >> stuff
> > >> > is
> > >> > > ready for publishing:
> > >> > >
> > >> > >
> > >> >
> > >>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> > >> > >
> > >> > > Sincerely,
> > >> > > Dmitriy Pavlov
> > >> > >
> > >> > > P.S. I'm not sure that dev. the list will keep formatting, but
> > anyway
> > >> > here
> > >> > > is transformer output example as text.
> > >> > >
> > >> > > Apache Ignite Project
> > >> > > Product Name Versions ECCN
> > >> > > Controlled Source
> > >> > > Apache Ignite development 5D002
> > >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation,
> > JCraft,
> > >> > Inc.,
> > >> > > The Eclipse Foundation
> > >> > > 2.5.0 - latest 5D002
> > >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation,
> > JCraft,
> > >> > Inc.,
> > >> > > The Eclipse Foundation
> > >> > > 1.5.0.final - 2.4.0 5D002
> > >> > > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
> > >> > > Foundation
> > >> > > 1.0.0 - 1.5.0-b1 5D002
> > >> > > ASF, Oracle, JCraft, Inc., The Eclipse Foundation
> > >> > >
> > >> > > ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dp...@apache.org>:
> > >> > >
> > >> > > > Igniters,
> > >> > > >
> > >> > > > as for older versions, I've started to collect information of
> > crypto
> > >> > > > providers usages in older versions, please help me to finalize
> > this
> > >> doc
> > >> > > so
> > >> > > > I could prepare a declaration of older versions.
> > >> > > >
> > >> > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> > >> > > >
> > >> > > > I'm not sure if the time of Incubation counts, but, anyway, let'
> > >> > collect
> > >> > > > information about the history of modules.
> > >> > > >
> > >> > > > Sincerely,
> > >> > > > Dmitriy Pavlov
> > >> > > >
> > >> > > > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dpavlov@apache.org
> >:
> > >> > > >
> > >> > > >> Hi Denis,
> > >> > > >>
> > >> > > >> Build process seems to be mentioned only here
> > >> > > >> https://www.apache.org/dev/crypto.html#sources It also
> mentions
> > >> some
> > >> > > >> bisnotice XSLT transformation, which is available at SVN here
> > >> > > >>
> > >> > >
> > >> >
> > >>
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> > >> > > >>
> > >> > > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl
> from
> > >> > > >>
> > >> > >
> > >> >
> > >>
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> > >> > > >> is more appropriate. I will test it locally.
> > >> > > >>
> > >> > > >> The only thing I've found for now is the following scripts at
> the
> > >> root
> > >> > > of
> > >> > > >> SVN here
> > >> https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> > >> > > >> bisnotice.cmd
> > >> > > >> bisnotice.sh
> > >> > > >>
> > >> > > >> Sincerely,
> > >> > > >> Dmitriy Pavlov
> > >> > > >>
> > >> > > >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dm...@apache.org>:
> > >> > > >>
> > >> > > >>> Dmitriy,
> > >> > > >>>
> > >> > > >>> I think that it's required to enlist all of the publicly
> > released
> > >> > > Ignite
> > >> > > >>> versions (available for download from the website). It means
> > that
> > >> the
> > >> > > XML
> > >> > > >>> should have the following controlled sources grouped by Ignite
> > >> > > versions'
> > >> > > >>> ranges.
> > >> > > >>>
> > >> > > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
> > >> > > Foundation
> > >> > > >>>    - Ignite 1.5.0 and later: all of the controller versions
> > >> listed by
> > >> > > >>> you.
> > >> > > >>>
> > >> > > >>> Not sure about JCraft only. What was the first Ignite version
> > the
> > >> lib
> > >> > > was
> > >> > > >>> added to?
> > >> > > >>>
> > >> > > >>> As for .NET versions declarations, I'm for the way it handled
> > >> right
> > >> > now
> > >> > > >>> by
> > >> > > >>> you. Btw, do you know where ASF explains the website build
> > >> process?
> > >> > > >>> Failed
> > >> > > >>> to find it, it's not enough just to update the XML.
> > >> > > >>>
> > >> > > >>> Finally, looping in Garrett who can help with the editorial
> > >> review.
> > >> > > >>> Garrett, could you please review README.txt from this
> > >> pull-request?
> > >> > > >>>
> > >> > > >>>
> > >> > >
> > >> >
> > >>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > >> > > >>>
> > >> > > >>>
> > >> > > >>> -
> > >> > > >>> Denis
> > >> > > >>>
> > >> > > >>>
> > >> > > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <
> > >> dpavlov@apache.org>
> > >> > > >>> wrote:
> > >> > > >>>
> > >> > > >>> > Igniters,
> > >> > > >>> >
> > >> > > >>> > please review crypto notice in
> > >> > > >>> >
> > >> > > >>> >
> > >> > > >>>
> > >> > >
> > >> >
> > >>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > >> > > >>> >
> > >> > > >>> > Only 2 open questions: about declaring released versions,
> and
> > >> about
> > >> > > >>> > declaring .NET versions (.NET Core & . NET Classic). By
> > >> default, I
> > >> > > >>> propose
> > >> > > >>> > to keep both.
> > >> > > >>> >
> > >> > > >>> > Sincerely,
> > >> > > >>> > Dmitriy Pavlov
> > >> > > >>> >
> > >> > > >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <
> > dpavlov@apache.org
> > >> >:
> > >> > > >>> >
> > >> > > >>> > > Pavel,
> > >> > > >>> > >
> > >> > > >>> > > we need to follow the process from
> > >> > > >>> > > https://www.apache.org/dev/crypto.html#classify
> > >> > > >>> > >
> > >> > > >>> > > Please see similar products in the draft export matrix,
> > >> > > >>> > >
> > >> > > >>> > >
> > >> > > >>> >
> > >> > > >>>
> > >> > >
> > >> >
> > >>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > >> > > >>> > >
> > >> > > >>> > >
> > >> > > >>> > > We don't ship JDK, but we designed our product to use a
> > >> > > cryptographic
> > >> > > >>> > > feature from this 3rd party product, so we need to follow
> > this
> > >> > > >>> process
> > >> > > >>> > and
> > >> > > >>> > > provide matrix update, add CRYPTO notice (I'll draft it).
> > >> > > >>> > >
> > >> > > >>> > > Other products don't declare all possible JDKs -
> > >> > > >>> > > http://www.apache.org/licenses/exports/#matrix So,
> > probably,
> > >> one
> > >> > > >>> > > declaration of .NET classic (Microsoft) would be enough.
> > >> > > >>> > >
> > >> > > >>> > > Sincerely,
> > >> > > >>> > > Dmitriy Pavlov
> > >> > > >>> > >
> > >> > > >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <
> > >> > ptupitsyn@apache.org
> > >> > > >:
> > >> > > >>> > >
> > >> > > >>> > >> >>Should it go instead of Microsoft? Should we mention
> .NET
> > >> code
> > >> > > in
> > >> > > >>> > >> addition
> > >> > > >>> > >>
> > >> > > >>> > >> >>to Microsoft?
> > >> > > >>> > >>
> > >> > > >>> > >>
> > >> > > >>> > >>
> > >> > > >>> > >> >Yes, I think we can do this. Ignite targets both of the
> > >> them.
> > >> > And
> > >> > > >>> .NET
> > >> > > >>> > >> Core uses it’s own implementation of standard class
> > >> library[1]
> > >> > > >>> > >>
> > >> > > >>> > >> >Pavel may correct me.
> > >> > > >>> > >>
> > >> > > >>> > >>
> > >> > > >>> > >> We use crypto APIs from standard class library. We ship
> our
> > >> > > >>> binaries,
> > >> > > >>> > but
> > >> > > >>> > >> we don't ship the framework binaries.
> > >> > > >>> > >>
> > >> > > >>> > >> Our binaries can be executed with .NET Core (open-source,
> > MIT
> > >> > > >>> license),
> > >> > > >>> > >> Mono (open-source, MIT license), and .NET Classic (old
> > >> > framework,
> > >> > > >>> > >> Windows-only, Microsoft license).
> > >> > > >>> > >>
> > >> > > >>> > >> I'm still not sure what is the question we are trying to
> > >> answer,
> > >> > > >>> though.
> > >> > > >>> > >>
> > >> > > >>> > >>
> > >> > > >>> > >> Thanks,
> > >> > > >>> > >>
> > >> > > >>> > >> Pavel
> > >> > > >>> > >>
> > >> > > >>> > >>
> > >> > > >>> > >>
> > >> > > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
> > >> > > lexwert@gmail.com
> > >> > > >>> >
> > >> > > >>> > >> wrote:
> > >> > > >>> > >>
> > >> > > >>> > >> > >1) Declaring older versions of Ignite.
> > >> > > >>> > >> >
> > >> > > >>> > >> > >2) Is it correct to mention that Ignite uses .NET core
> > >> > > >>> controlled by
> > >> > > >>> > >> .NET
> > >> > > >>> > >> >
> > >> > > >>> > >> > >Foundation? E.g. as follows:
> > >> > > >>> > >> >
> > >> > > >>> > >> > >(controlled by)
> > >> > > >>> > >> >
> > >> > > >>> > >> > >.NET Foundation
> > >> > > >>> > >> >
> > >> > > >>> > >> > >title=Designed to use .NET Framework Cryptography
> Model
> > >> > > >>> > >> >
> > >> > > >>> > >> > >href=https://dotnetfoundation.org/projects
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > >Should it go instead of Microsoft? Should we mention
> > .NET
> > >> > code
> > >> > > in
> > >> > > >>> > >> addition
> > >> > > >>> > >> >
> > >> > > >>> > >> > >to Microsoft?
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Yes, I think we can do this. Ignite targets both of the
> > >> them.
> > >> > > And
> > >> > > >>> .NET
> > >> > > >>> > >> > Core uses it’s own implementation of standard class
> > >> library[1]
> > >> > > >>> > >> >
> > >> > > >>> > >> > Pavel may correct me.
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > [1] https://github.com/dotnet/corefx
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
> > >> > > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > >> > > >>> > >> > *To: *dev <de...@ignite.apache.org>
> > >> > > >>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
> > >> > > >>> > isapego@apache.org>;
> > >> > > >>> > >> Pavel
> > >> > > >>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
> > >> > > >>> nizhikov@apache.org>
> > >> > > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the
> > >> U.S.
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Thanks, Pavel!
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Denis, Pavel, Igniters, please review the following
> > >> proposal:
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL
> usage.
> > >> > > >>> > >> >
> > >> > > >>> > >> > - AWS-S3 client-side encryption to be declared as
> JCA/JCE
> > >> > usage.
> > >> > > >>> > >> >
> > >> > > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE
> > usage.
> > >> > > >>> > >> >
> > >> > > >>> > >> > - TDE to be declared as JCA/JCE
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Export matrix data to be published in ASF-level SVN:
> > >> > > >>> > >> >
> > >> > > >>> > >> > <<<<<
> > >> > > >>> > >> >
> > >> > > >>> > >> > Product Name
> > >> > > >>> > >> >
> > >> > > >>> > >> > Apache Ignite
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Versions
> > >> > > >>> > >> >
> > >> > > >>> > >> > development
> > >> > > >>> > >> >
> > >> > > >>> > >> > 2.7 and later <Earlier versions-TBD?>
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > ECCN
> > >> > > >>> > >> >
> > >> > > >>> > >> > 5D002
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Controlled source
> > >> > > >>> > >> >
> > >> > > >>> > >> > ASF
> > >> > > >>> > >> >
> > >> > > >>> > >> > title=Designed to use with built-in Java Cryptography
> > >> > > Architecture
> > >> > > >>> > (JCA)
> > >> > > >>> > >> >
> > >> > > >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Oracle
> > >> > > >>> > >> >
> > >> > > >>> > >> > title=Designed to use with built-in Java encryption
> > >> libraries
> > >> > > >>> (JCE)
> > >> > > >>> > >> >
> > >> > > >>> > >> > href=
> > >> > > >>> > >>
> > >> > >
> https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > The OpenSSL Project
> > >> > > >>> > >> >
> > >> > > >>> > >> > title=Designed to use General Purpose cryptography
> > library
> > >> > > >>> included
> > >> > > >>> > with
> > >> > > >>> > >> >
> > >> > > >>> > >> > OpenSSL
> > >> > > >>> > >> >
> > >> > > >>> > >> > href=https://www.openssl.org/source/
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Microsoft
> > >> > > >>> > >> >
> > >> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > >> > > >>> > >> >
> > >> > > >>> > >> > href=https://dotnet.microsoft.com/download
> > >> > > >>> > >> >
> > >> > > >>> > >> > >>>>>>
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Open questions:
> > >> > > >>> > >> >
> > >> > > >>> > >> > 1) Declaring older versions of Ignite.
> > >> > > >>> > >> >
> > >> > > >>> > >> > 2) Is it correct to mention that Ignite uses .NET core
> > >> > > controlled
> > >> > > >>> by
> > >> > > >>> > >> .NET
> > >> > > >>> > >> >
> > >> > > >>> > >> > Foundation? E.g. as follows:
> > >> > > >>> > >> >
> > >> > > >>> > >> > (controlled by)
> > >> > > >>> > >> >
> > >> > > >>> > >> > .NET Foundation
> > >> > > >>> > >> >
> > >> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > >> > > >>> > >> >
> > >> > > >>> > >> > href=https://dotnetfoundation.org/projects
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Should it go instead of Microsoft? Should we mention
> .NET
> > >> code
> > >> > > in
> > >> > > >>> > >> addition
> > >> > > >>> > >> >
> > >> > > >>> > >> > to Microsoft?
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > Sincerely,
> > >> > > >>> > >> >
> > >> > > >>> > >> > Dmitriy Pavlov
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <
> > >> > > ptupitsyn@apache.org
> > >> > > >>> >:
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > Hi Denis,
> > >> > > >>> > >> >
> > >> > > >>> > >> > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for
> all
> > >> > > >>> security and
> > >> > > >>> > >> >
> > >> > > >>> > >> > > cryptographic related code. There are no dependencies
> > on
> > >> > > >>> external
> > >> > > >>> > >> >
> > >> > > >>> > >> > > libraries.
> > >> > > >>> > >> >
> > >> > > >>> > >> > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > Thanks
> > >> > > >>> > >> >
> > >> > > >>> > >> > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <
> > >> dmagda@apache.org>:
> > >> > > >>> > >> >
> > >> > > >>> > >> > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > Igniters,
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > Regardless of the fact that Ignite is an open
> source
> > >> > > >>> software, ASF
> > >> > > >>> > >> as
> > >> > > >>> > >> > an
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > entity based in the U.S. has to comply with certain
> > >> > > exporting
> > >> > > >>> > >> > regulations
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > [1].
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to
> > the
> > >> > > table
> > >> > > >>> [2]
> > >> > > >>> > of
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > projects allowed for export and might need the
> > >> assistance
> > >> > of
> > >> > > >>> some
> > >> > > >>> > of
> > >> > > >>> > >> > you.
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > Here is a list of cryptographic functions used by
> > >> Ignite
> > >> > > (and
> > >> > > >>> > >> provided
> > >> > > >>> > >> > by
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > a 3rd party vendor):
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to
> > enable
> > >> > > secured
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    connectivity between cluster nodes.
> Manufacturer -
> > >> > > >>> > >> Oracle/OpenJDK (
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the
> > Java
> > >> > > >>> libraries
> > >> > > >>> > >> for
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    transparent data encryption of data on disk (
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> >
> > https://apacheignite.readme.io/docs/transparent-data-encryption
> > >> )
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    3. Libraries/vendors for .NET nodes security?*
> > Pavel
> > >> > > >>> Tupitsyn*,
> > >> > > >>> > >> > could
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    you check?
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    4. Libraries/vendors for C++ clients security
> > (SSL,
> > >> > TLS,
> > >> > > >>> > anything
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    else?). *Igor Sapego*, could you please check?
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS
> > >> SSL/TLS?
> > >> > > >>> *Dear
> > >> > > >>> > thin
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    client contributors*, please facilitate.
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    6. Anything else missing from the list? We don't
> > >> have
> > >> > any
> > >> > > >>> > custom
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >    crypto features, right?
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > All of these usages/integrations have to comply
> with
> > >> the
> > >> > > >>> following
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a
> > >> notice to
> > >> > > >>> Export
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > Administration Regulations of the U.S.A.
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > [3]
> https://www.apache.org/dev/crypto.html#classify
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > -
> > >> > > >>> > >> >
> > >> > > >>> > >> > > > Denis
> > >> > > >>> > >> >
> > >> > > >>> > >> > > >
> > >> > > >>> > >> >
> > >> > > >>> > >> > >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >> >
> > >> > > >>> > >>
> > >> > > >>> > >
> > >> > > >>> >
> > >> > > >>>
> > >> > > >>
> > >> > >
> > >> >
> > >>
> > >
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Denis thank you,

I see updates in the matrix so I've removed source XMLs from the local
ignite-11932 branch.

In the matrix in the ASF site, other projects seem to be sorted
alphabetically. Maybe we should place Ignite near Incubator.

I will commit & update the wiki, but for now, requests to
https://gitbox.apache.org  are timed out from my laptop. I will retry in 10
hours.

Sincerely
Dmitriy Pavlov


вт, 25 июн. 2019 г. в 23:58, Denis Magda <dm...@gridgain.com>:

> In addition to that, how about adding an item for Ignite release policy to
> validate that there are no cryptography related changes?
> http://www.apache.org/licenses/exports/
>
> --
> Denis Magda
>
>
> On Tue, Jun 25, 2019 at 1:54 PM Denis Magda <dm...@apache.org> wrote:
>
> > Dmitry,
> >
> > I've updated the ASF website by including Ignite to the exports matrix
> > [1]. Plus, notified the controlling U.S. entities on the matter.
> >
> > Could you please do one more favor and help to close these two items
> > (flying on a plane and a poor Internet connection makes it impossible to
> > check them off on my end)?
> >
> >    - Update README.txt in Ignite master with the content prepared earlier
> >    by you
> >    - Copy content of this doc [2] to Ignite Wiki
> >
> > [1] http://www.apache.org/licenses/exports/
> > [2]
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> >
> > -
> > Denis
> >
> >
> > On Wed, Jun 19, 2019 at 2:47 PM Dmitriy Pavlov <dp...@apache.org>
> wrote:
> >
> >> Pavel replied to me in private: encryption is available since 2.4 for
> .Net
> >> thin client.
> >>
> >> I've also modified source XML
> >>
> >>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> >>
> >>
> >> чт, 20 июн. 2019 г. в 00:10, Denis Magda <dm...@gridgain.com>:
> >>
> >> > Pavel,
> >> >
> >> > I still have no info related to starting version of .NET encryption
> >> > > support. So I supposed it was 1.5.
> >> >
> >> >
> >> > Could you please help with this last open item?
> >> >
> >> > Dmitry, thanks for the final summary. I'll contact ASF folks trying to
> >> find
> >> > the ASF website dev instructions.
> >> >
> >> >
> >> > --
> >> > Denis Magda
> >> >
> >> >
> >> > On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <dp...@apache.org>
> >> > wrote:
> >> >
> >> > > Hi Denis,
> >> > >
> >> > > I still have no info related to starting version of .NET encryption
> >> > > support. So I supposed it was 1.5.
> >> > >
> >> > > I've started both XSTLs and added an example of both XLTs output to
> >> > google
> >> > > doc tabs. One transformer is for email template generation (requires
> >> > > project name), another is for the site table.
> >> > >
> >> > > Only one TODO now left in the PR version of the update. All other
> >> stuff
> >> > is
> >> > > ready for publishing:
> >> > >
> >> > >
> >> >
> >>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> >> > >
> >> > > Sincerely,
> >> > > Dmitriy Pavlov
> >> > >
> >> > > P.S. I'm not sure that dev. the list will keep formatting, but
> anyway
> >> > here
> >> > > is transformer output example as text.
> >> > >
> >> > > Apache Ignite Project
> >> > > Product Name Versions ECCN
> >> > > Controlled Source
> >> > > Apache Ignite development 5D002
> >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation,
> JCraft,
> >> > Inc.,
> >> > > The Eclipse Foundation
> >> > > 2.5.0 - latest 5D002
> >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation,
> JCraft,
> >> > Inc.,
> >> > > The Eclipse Foundation
> >> > > 1.5.0.final - 2.4.0 5D002
> >> > > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
> >> > > Foundation
> >> > > 1.0.0 - 1.5.0-b1 5D002
> >> > > ASF, Oracle, JCraft, Inc., The Eclipse Foundation
> >> > >
> >> > > ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dp...@apache.org>:
> >> > >
> >> > > > Igniters,
> >> > > >
> >> > > > as for older versions, I've started to collect information of
> crypto
> >> > > > providers usages in older versions, please help me to finalize
> this
> >> doc
> >> > > so
> >> > > > I could prepare a declaration of older versions.
> >> > > >
> >> > > >
> >> > > >
> >> > >
> >> >
> >>
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> >> > > >
> >> > > > I'm not sure if the time of Incubation counts, but, anyway, let'
> >> > collect
> >> > > > information about the history of modules.
> >> > > >
> >> > > > Sincerely,
> >> > > > Dmitriy Pavlov
> >> > > >
> >> > > > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dp...@apache.org>:
> >> > > >
> >> > > >> Hi Denis,
> >> > > >>
> >> > > >> Build process seems to be mentioned only here
> >> > > >> https://www.apache.org/dev/crypto.html#sources It also mentions
> >> some
> >> > > >> bisnotice XSLT transformation, which is available at SVN here
> >> > > >>
> >> > >
> >> >
> >>
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> >> > > >>
> >> > > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> >> > > >>
> >> > >
> >> >
> >>
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> >> > > >> is more appropriate. I will test it locally.
> >> > > >>
> >> > > >> The only thing I've found for now is the following scripts at the
> >> root
> >> > > of
> >> > > >> SVN here
> >> https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> >> > > >> bisnotice.cmd
> >> > > >> bisnotice.sh
> >> > > >>
> >> > > >> Sincerely,
> >> > > >> Dmitriy Pavlov
> >> > > >>
> >> > > >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dm...@apache.org>:
> >> > > >>
> >> > > >>> Dmitriy,
> >> > > >>>
> >> > > >>> I think that it's required to enlist all of the publicly
> released
> >> > > Ignite
> >> > > >>> versions (available for download from the website). It means
> that
> >> the
> >> > > XML
> >> > > >>> should have the following controlled sources grouped by Ignite
> >> > > versions'
> >> > > >>> ranges.
> >> > > >>>
> >> > > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
> >> > > Foundation
> >> > > >>>    - Ignite 1.5.0 and later: all of the controller versions
> >> listed by
> >> > > >>> you.
> >> > > >>>
> >> > > >>> Not sure about JCraft only. What was the first Ignite version
> the
> >> lib
> >> > > was
> >> > > >>> added to?
> >> > > >>>
> >> > > >>> As for .NET versions declarations, I'm for the way it handled
> >> right
> >> > now
> >> > > >>> by
> >> > > >>> you. Btw, do you know where ASF explains the website build
> >> process?
> >> > > >>> Failed
> >> > > >>> to find it, it's not enough just to update the XML.
> >> > > >>>
> >> > > >>> Finally, looping in Garrett who can help with the editorial
> >> review.
> >> > > >>> Garrett, could you please review README.txt from this
> >> pull-request?
> >> > > >>>
> >> > > >>>
> >> > >
> >> >
> >>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> >> > > >>>
> >> > > >>>
> >> > > >>> -
> >> > > >>> Denis
> >> > > >>>
> >> > > >>>
> >> > > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <
> >> dpavlov@apache.org>
> >> > > >>> wrote:
> >> > > >>>
> >> > > >>> > Igniters,
> >> > > >>> >
> >> > > >>> > please review crypto notice in
> >> > > >>> >
> >> > > >>> >
> >> > > >>>
> >> > >
> >> >
> >>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> >> > > >>> >
> >> > > >>> > Only 2 open questions: about declaring released versions, and
> >> about
> >> > > >>> > declaring .NET versions (.NET Core & . NET Classic). By
> >> default, I
> >> > > >>> propose
> >> > > >>> > to keep both.
> >> > > >>> >
> >> > > >>> > Sincerely,
> >> > > >>> > Dmitriy Pavlov
> >> > > >>> >
> >> > > >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <
> dpavlov@apache.org
> >> >:
> >> > > >>> >
> >> > > >>> > > Pavel,
> >> > > >>> > >
> >> > > >>> > > we need to follow the process from
> >> > > >>> > > https://www.apache.org/dev/crypto.html#classify
> >> > > >>> > >
> >> > > >>> > > Please see similar products in the draft export matrix,
> >> > > >>> > >
> >> > > >>> > >
> >> > > >>> >
> >> > > >>>
> >> > >
> >> >
> >>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> >> > > >>> > >
> >> > > >>> > >
> >> > > >>> > > We don't ship JDK, but we designed our product to use a
> >> > > cryptographic
> >> > > >>> > > feature from this 3rd party product, so we need to follow
> this
> >> > > >>> process
> >> > > >>> > and
> >> > > >>> > > provide matrix update, add CRYPTO notice (I'll draft it).
> >> > > >>> > >
> >> > > >>> > > Other products don't declare all possible JDKs -
> >> > > >>> > > http://www.apache.org/licenses/exports/#matrix So,
> probably,
> >> one
> >> > > >>> > > declaration of .NET classic (Microsoft) would be enough.
> >> > > >>> > >
> >> > > >>> > > Sincerely,
> >> > > >>> > > Dmitriy Pavlov
> >> > > >>> > >
> >> > > >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <
> >> > ptupitsyn@apache.org
> >> > > >:
> >> > > >>> > >
> >> > > >>> > >> >>Should it go instead of Microsoft? Should we mention .NET
> >> code
> >> > > in
> >> > > >>> > >> addition
> >> > > >>> > >>
> >> > > >>> > >> >>to Microsoft?
> >> > > >>> > >>
> >> > > >>> > >>
> >> > > >>> > >>
> >> > > >>> > >> >Yes, I think we can do this. Ignite targets both of the
> >> them.
> >> > And
> >> > > >>> .NET
> >> > > >>> > >> Core uses it’s own implementation of standard class
> >> library[1]
> >> > > >>> > >>
> >> > > >>> > >> >Pavel may correct me.
> >> > > >>> > >>
> >> > > >>> > >>
> >> > > >>> > >> We use crypto APIs from standard class library. We ship our
> >> > > >>> binaries,
> >> > > >>> > but
> >> > > >>> > >> we don't ship the framework binaries.
> >> > > >>> > >>
> >> > > >>> > >> Our binaries can be executed with .NET Core (open-source,
> MIT
> >> > > >>> license),
> >> > > >>> > >> Mono (open-source, MIT license), and .NET Classic (old
> >> > framework,
> >> > > >>> > >> Windows-only, Microsoft license).
> >> > > >>> > >>
> >> > > >>> > >> I'm still not sure what is the question we are trying to
> >> answer,
> >> > > >>> though.
> >> > > >>> > >>
> >> > > >>> > >>
> >> > > >>> > >> Thanks,
> >> > > >>> > >>
> >> > > >>> > >> Pavel
> >> > > >>> > >>
> >> > > >>> > >>
> >> > > >>> > >>
> >> > > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
> >> > > lexwert@gmail.com
> >> > > >>> >
> >> > > >>> > >> wrote:
> >> > > >>> > >>
> >> > > >>> > >> > >1) Declaring older versions of Ignite.
> >> > > >>> > >> >
> >> > > >>> > >> > >2) Is it correct to mention that Ignite uses .NET core
> >> > > >>> controlled by
> >> > > >>> > >> .NET
> >> > > >>> > >> >
> >> > > >>> > >> > >Foundation? E.g. as follows:
> >> > > >>> > >> >
> >> > > >>> > >> > >(controlled by)
> >> > > >>> > >> >
> >> > > >>> > >> > >.NET Foundation
> >> > > >>> > >> >
> >> > > >>> > >> > >title=Designed to use .NET Framework Cryptography Model
> >> > > >>> > >> >
> >> > > >>> > >> > >href=https://dotnetfoundation.org/projects
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > >Should it go instead of Microsoft? Should we mention
> .NET
> >> > code
> >> > > in
> >> > > >>> > >> addition
> >> > > >>> > >> >
> >> > > >>> > >> > >to Microsoft?
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Yes, I think we can do this. Ignite targets both of the
> >> them.
> >> > > And
> >> > > >>> .NET
> >> > > >>> > >> > Core uses it’s own implementation of standard class
> >> library[1]
> >> > > >>> > >> >
> >> > > >>> > >> > Pavel may correct me.
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > [1] https://github.com/dotnet/corefx
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
> >> > > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> >> > > >>> > >> > *To: *dev <de...@ignite.apache.org>
> >> > > >>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
> >> > > >>> > isapego@apache.org>;
> >> > > >>> > >> Pavel
> >> > > >>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
> >> > > >>> nizhikov@apache.org>
> >> > > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the
> >> U.S.
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Thanks, Pavel!
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Denis, Pavel, Igniters, please review the following
> >> proposal:
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> >> > > >>> > >> >
> >> > > >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE
> >> > usage.
> >> > > >>> > >> >
> >> > > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE
> usage.
> >> > > >>> > >> >
> >> > > >>> > >> > - TDE to be declared as JCA/JCE
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Export matrix data to be published in ASF-level SVN:
> >> > > >>> > >> >
> >> > > >>> > >> > <<<<<
> >> > > >>> > >> >
> >> > > >>> > >> > Product Name
> >> > > >>> > >> >
> >> > > >>> > >> > Apache Ignite
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Versions
> >> > > >>> > >> >
> >> > > >>> > >> > development
> >> > > >>> > >> >
> >> > > >>> > >> > 2.7 and later <Earlier versions-TBD?>
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > ECCN
> >> > > >>> > >> >
> >> > > >>> > >> > 5D002
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Controlled source
> >> > > >>> > >> >
> >> > > >>> > >> > ASF
> >> > > >>> > >> >
> >> > > >>> > >> > title=Designed to use with built-in Java Cryptography
> >> > > Architecture
> >> > > >>> > (JCA)
> >> > > >>> > >> >
> >> > > >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Oracle
> >> > > >>> > >> >
> >> > > >>> > >> > title=Designed to use with built-in Java encryption
> >> libraries
> >> > > >>> (JCE)
> >> > > >>> > >> >
> >> > > >>> > >> > href=
> >> > > >>> > >>
> >> > > https://www.oracle.com/technetwork/java/javase/downloads/index.html
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > The OpenSSL Project
> >> > > >>> > >> >
> >> > > >>> > >> > title=Designed to use General Purpose cryptography
> library
> >> > > >>> included
> >> > > >>> > with
> >> > > >>> > >> >
> >> > > >>> > >> > OpenSSL
> >> > > >>> > >> >
> >> > > >>> > >> > href=https://www.openssl.org/source/
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Microsoft
> >> > > >>> > >> >
> >> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> >> > > >>> > >> >
> >> > > >>> > >> > href=https://dotnet.microsoft.com/download
> >> > > >>> > >> >
> >> > > >>> > >> > >>>>>>
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Open questions:
> >> > > >>> > >> >
> >> > > >>> > >> > 1) Declaring older versions of Ignite.
> >> > > >>> > >> >
> >> > > >>> > >> > 2) Is it correct to mention that Ignite uses .NET core
> >> > > controlled
> >> > > >>> by
> >> > > >>> > >> .NET
> >> > > >>> > >> >
> >> > > >>> > >> > Foundation? E.g. as follows:
> >> > > >>> > >> >
> >> > > >>> > >> > (controlled by)
> >> > > >>> > >> >
> >> > > >>> > >> > .NET Foundation
> >> > > >>> > >> >
> >> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> >> > > >>> > >> >
> >> > > >>> > >> > href=https://dotnetfoundation.org/projects
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Should it go instead of Microsoft? Should we mention .NET
> >> code
> >> > > in
> >> > > >>> > >> addition
> >> > > >>> > >> >
> >> > > >>> > >> > to Microsoft?
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > Sincerely,
> >> > > >>> > >> >
> >> > > >>> > >> > Dmitriy Pavlov
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <
> >> > > ptupitsyn@apache.org
> >> > > >>> >:
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> > > Hi Denis,
> >> > > >>> > >> >
> >> > > >>> > >> > >
> >> > > >>> > >> >
> >> > > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
> >> > > >>> security and
> >> > > >>> > >> >
> >> > > >>> > >> > > cryptographic related code. There are no dependencies
> on
> >> > > >>> external
> >> > > >>> > >> >
> >> > > >>> > >> > > libraries.
> >> > > >>> > >> >
> >> > > >>> > >> > >
> >> > > >>> > >> >
> >> > > >>> > >> > > Thanks
> >> > > >>> > >> >
> >> > > >>> > >> > >
> >> > > >>> > >> >
> >> > > >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <
> >> dmagda@apache.org>:
> >> > > >>> > >> >
> >> > > >>> > >> > >
> >> > > >>> > >> >
> >> > > >>> > >> > > > Igniters,
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> > >> >
> >> > > >>> > >> > > > Regardless of the fact that Ignite is an open source
> >> > > >>> software, ASF
> >> > > >>> > >> as
> >> > > >>> > >> > an
> >> > > >>> > >> >
> >> > > >>> > >> > > > entity based in the U.S. has to comply with certain
> >> > > exporting
> >> > > >>> > >> > regulations
> >> > > >>> > >> >
> >> > > >>> > >> > > > [1].
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> > >> >
> >> > > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to
> the
> >> > > table
> >> > > >>> [2]
> >> > > >>> > of
> >> > > >>> > >> >
> >> > > >>> > >> > > > projects allowed for export and might need the
> >> assistance
> >> > of
> >> > > >>> some
> >> > > >>> > of
> >> > > >>> > >> > you.
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> > >> >
> >> > > >>> > >> > > > Here is a list of cryptographic functions used by
> >> Ignite
> >> > > (and
> >> > > >>> > >> provided
> >> > > >>> > >> > by
> >> > > >>> > >> >
> >> > > >>> > >> > > > a 3rd party vendor):
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> > >> >
> >> > > >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to
> enable
> >> > > secured
> >> > > >>> > >> >
> >> > > >>> > >> > > >    connectivity between cluster nodes. Manufacturer -
> >> > > >>> > >> Oracle/OpenJDK (
> >> > > >>> > >> >
> >> > > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> >> > > >>> > >> >
> >> > > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the
> Java
> >> > > >>> libraries
> >> > > >>> > >> for
> >> > > >>> > >> >
> >> > > >>> > >> > > >    transparent data encryption of data on disk (
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> >
> https://apacheignite.readme.io/docs/transparent-data-encryption
> >> )
> >> > > >>> > >> >
> >> > > >>> > >> > > >    3. Libraries/vendors for .NET nodes security?*
> Pavel
> >> > > >>> Tupitsyn*,
> >> > > >>> > >> > could
> >> > > >>> > >> >
> >> > > >>> > >> > > >    you check?
> >> > > >>> > >> >
> >> > > >>> > >> > > >    4. Libraries/vendors for C++ clients security
> (SSL,
> >> > TLS,
> >> > > >>> > anything
> >> > > >>> > >> >
> >> > > >>> > >> > > >    else?). *Igor Sapego*, could you please check?
> >> > > >>> > >> >
> >> > > >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS
> >> SSL/TLS?
> >> > > >>> *Dear
> >> > > >>> > thin
> >> > > >>> > >> >
> >> > > >>> > >> > > >    client contributors*, please facilitate.
> >> > > >>> > >> >
> >> > > >>> > >> > > >    6. Anything else missing from the list? We don't
> >> have
> >> > any
> >> > > >>> > custom
> >> > > >>> > >> >
> >> > > >>> > >> > > >    crypto features, right?
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> > >> >
> >> > > >>> > >> > > > All of these usages/integrations have to comply with
> >> the
> >> > > >>> following
> >> > > >>> > >> >
> >> > > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a
> >> notice to
> >> > > >>> Export
> >> > > >>> > >> >
> >> > > >>> > >> > > > Administration Regulations of the U.S.A.
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> > >> >
> >> > > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> >> > > >>> > >> >
> >> > > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> >> > > >>> > >> >
> >> > > >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> > >> >
> >> > > >>> > >> > > > -
> >> > > >>> > >> >
> >> > > >>> > >> > > > Denis
> >> > > >>> > >> >
> >> > > >>> > >> > > >
> >> > > >>> > >> >
> >> > > >>> > >> > >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >> >
> >> > > >>> > >>
> >> > > >>> > >
> >> > > >>> >
> >> > > >>>
> >> > > >>
> >> > >
> >> >
> >>
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Denis Magda <dm...@gridgain.com>]

In addition to that, how about adding an item for Ignite release policy to
validate that there are no cryptography related changes?
http://www.apache.org/licenses/exports/

--
Denis Magda


On Tue, Jun 25, 2019 at 1:54 PM Denis Magda <dm...@apache.org> wrote:

> Dmitry,
>
> I've updated the ASF website by including Ignite to the exports matrix
> [1]. Plus, notified the controlling U.S. entities on the matter.
>
> Could you please do one more favor and help to close these two items
> (flying on a plane and a poor Internet connection makes it impossible to
> check them off on my end)?
>
>    - Update README.txt in Ignite master with the content prepared earlier
>    by you
>    - Copy content of this doc [2] to Ignite Wiki
>
> [1] http://www.apache.org/licenses/exports/
> [2]
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
>
> -
> Denis
>
>
> On Wed, Jun 19, 2019 at 2:47 PM Dmitriy Pavlov <dp...@apache.org> wrote:
>
>> Pavel replied to me in private: encryption is available since 2.4 for .Net
>> thin client.
>>
>> I've also modified source XML
>>
>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
>>
>>
>> чт, 20 июн. 2019 г. в 00:10, Denis Magda <dm...@gridgain.com>:
>>
>> > Pavel,
>> >
>> > I still have no info related to starting version of .NET encryption
>> > > support. So I supposed it was 1.5.
>> >
>> >
>> > Could you please help with this last open item?
>> >
>> > Dmitry, thanks for the final summary. I'll contact ASF folks trying to
>> find
>> > the ASF website dev instructions.
>> >
>> >
>> > --
>> > Denis Magda
>> >
>> >
>> > On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <dp...@apache.org>
>> > wrote:
>> >
>> > > Hi Denis,
>> > >
>> > > I still have no info related to starting version of .NET encryption
>> > > support. So I supposed it was 1.5.
>> > >
>> > > I've started both XSTLs and added an example of both XLTs output to
>> > google
>> > > doc tabs. One transformer is for email template generation (requires
>> > > project name), another is for the site table.
>> > >
>> > > Only one TODO now left in the PR version of the update. All other
>> stuff
>> > is
>> > > ready for publishing:
>> > >
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
>> > >
>> > > Sincerely,
>> > > Dmitriy Pavlov
>> > >
>> > > P.S. I'm not sure that dev. the list will keep formatting, but anyway
>> > here
>> > > is transformer output example as text.
>> > >
>> > > Apache Ignite Project
>> > > Product Name Versions ECCN
>> > > Controlled Source
>> > > Apache Ignite development 5D002
>> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
>> > Inc.,
>> > > The Eclipse Foundation
>> > > 2.5.0 - latest 5D002
>> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
>> > Inc.,
>> > > The Eclipse Foundation
>> > > 1.5.0.final - 2.4.0 5D002
>> > > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
>> > > Foundation
>> > > 1.0.0 - 1.5.0-b1 5D002
>> > > ASF, Oracle, JCraft, Inc., The Eclipse Foundation
>> > >
>> > > ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dp...@apache.org>:
>> > >
>> > > > Igniters,
>> > > >
>> > > > as for older versions, I've started to collect information of crypto
>> > > > providers usages in older versions, please help me to finalize this
>> doc
>> > > so
>> > > > I could prepare a declaration of older versions.
>> > > >
>> > > >
>> > > >
>> > >
>> >
>> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
>> > > >
>> > > > I'm not sure if the time of Incubation counts, but, anyway, let'
>> > collect
>> > > > information about the history of modules.
>> > > >
>> > > > Sincerely,
>> > > > Dmitriy Pavlov
>> > > >
>> > > > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dp...@apache.org>:
>> > > >
>> > > >> Hi Denis,
>> > > >>
>> > > >> Build process seems to be mentioned only here
>> > > >> https://www.apache.org/dev/crypto.html#sources It also mentions
>> some
>> > > >> bisnotice XSLT transformation, which is available at SVN here
>> > > >>
>> > >
>> >
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
>> > > >>
>> > > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
>> > > >>
>> > >
>> >
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
>> > > >> is more appropriate. I will test it locally.
>> > > >>
>> > > >> The only thing I've found for now is the following scripts at the
>> root
>> > > of
>> > > >> SVN here
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/
>> > > >> bisnotice.cmd
>> > > >> bisnotice.sh
>> > > >>
>> > > >> Sincerely,
>> > > >> Dmitriy Pavlov
>> > > >>
>> > > >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dm...@apache.org>:
>> > > >>
>> > > >>> Dmitriy,
>> > > >>>
>> > > >>> I think that it's required to enlist all of the publicly released
>> > > Ignite
>> > > >>> versions (available for download from the website). It means that
>> the
>> > > XML
>> > > >>> should have the following controlled sources grouped by Ignite
>> > > versions'
>> > > >>> ranges.
>> > > >>>
>> > > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
>> > > Foundation
>> > > >>>    - Ignite 1.5.0 and later: all of the controller versions
>> listed by
>> > > >>> you.
>> > > >>>
>> > > >>> Not sure about JCraft only. What was the first Ignite version the
>> lib
>> > > was
>> > > >>> added to?
>> > > >>>
>> > > >>> As for .NET versions declarations, I'm for the way it handled
>> right
>> > now
>> > > >>> by
>> > > >>> you. Btw, do you know where ASF explains the website build
>> process?
>> > > >>> Failed
>> > > >>> to find it, it's not enough just to update the XML.
>> > > >>>
>> > > >>> Finally, looping in Garrett who can help with the editorial
>> review.
>> > > >>> Garrett, could you please review README.txt from this
>> pull-request?
>> > > >>>
>> > > >>>
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>> > > >>>
>> > > >>>
>> > > >>> -
>> > > >>> Denis
>> > > >>>
>> > > >>>
>> > > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <
>> dpavlov@apache.org>
>> > > >>> wrote:
>> > > >>>
>> > > >>> > Igniters,
>> > > >>> >
>> > > >>> > please review crypto notice in
>> > > >>> >
>> > > >>> >
>> > > >>>
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>> > > >>> >
>> > > >>> > Only 2 open questions: about declaring released versions, and
>> about
>> > > >>> > declaring .NET versions (.NET Core & . NET Classic). By
>> default, I
>> > > >>> propose
>> > > >>> > to keep both.
>> > > >>> >
>> > > >>> > Sincerely,
>> > > >>> > Dmitriy Pavlov
>> > > >>> >
>> > > >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dpavlov@apache.org
>> >:
>> > > >>> >
>> > > >>> > > Pavel,
>> > > >>> > >
>> > > >>> > > we need to follow the process from
>> > > >>> > > https://www.apache.org/dev/crypto.html#classify
>> > > >>> > >
>> > > >>> > > Please see similar products in the draft export matrix,
>> > > >>> > >
>> > > >>> > >
>> > > >>> >
>> > > >>>
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
>> > > >>> > >
>> > > >>> > >
>> > > >>> > > We don't ship JDK, but we designed our product to use a
>> > > cryptographic
>> > > >>> > > feature from this 3rd party product, so we need to follow this
>> > > >>> process
>> > > >>> > and
>> > > >>> > > provide matrix update, add CRYPTO notice (I'll draft it).
>> > > >>> > >
>> > > >>> > > Other products don't declare all possible JDKs -
>> > > >>> > > http://www.apache.org/licenses/exports/#matrix So, probably,
>> one
>> > > >>> > > declaration of .NET classic (Microsoft) would be enough.
>> > > >>> > >
>> > > >>> > > Sincerely,
>> > > >>> > > Dmitriy Pavlov
>> > > >>> > >
>> > > >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <
>> > ptupitsyn@apache.org
>> > > >:
>> > > >>> > >
>> > > >>> > >> >>Should it go instead of Microsoft? Should we mention .NET
>> code
>> > > in
>> > > >>> > >> addition
>> > > >>> > >>
>> > > >>> > >> >>to Microsoft?
>> > > >>> > >>
>> > > >>> > >>
>> > > >>> > >>
>> > > >>> > >> >Yes, I think we can do this. Ignite targets both of the
>> them.
>> > And
>> > > >>> .NET
>> > > >>> > >> Core uses it’s own implementation of standard class
>> library[1]
>> > > >>> > >>
>> > > >>> > >> >Pavel may correct me.
>> > > >>> > >>
>> > > >>> > >>
>> > > >>> > >> We use crypto APIs from standard class library. We ship our
>> > > >>> binaries,
>> > > >>> > but
>> > > >>> > >> we don't ship the framework binaries.
>> > > >>> > >>
>> > > >>> > >> Our binaries can be executed with .NET Core (open-source, MIT
>> > > >>> license),
>> > > >>> > >> Mono (open-source, MIT license), and .NET Classic (old
>> > framework,
>> > > >>> > >> Windows-only, Microsoft license).
>> > > >>> > >>
>> > > >>> > >> I'm still not sure what is the question we are trying to
>> answer,
>> > > >>> though.
>> > > >>> > >>
>> > > >>> > >>
>> > > >>> > >> Thanks,
>> > > >>> > >>
>> > > >>> > >> Pavel
>> > > >>> > >>
>> > > >>> > >>
>> > > >>> > >>
>> > > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
>> > > lexwert@gmail.com
>> > > >>> >
>> > > >>> > >> wrote:
>> > > >>> > >>
>> > > >>> > >> > >1) Declaring older versions of Ignite.
>> > > >>> > >> >
>> > > >>> > >> > >2) Is it correct to mention that Ignite uses .NET core
>> > > >>> controlled by
>> > > >>> > >> .NET
>> > > >>> > >> >
>> > > >>> > >> > >Foundation? E.g. as follows:
>> > > >>> > >> >
>> > > >>> > >> > >(controlled by)
>> > > >>> > >> >
>> > > >>> > >> > >.NET Foundation
>> > > >>> > >> >
>> > > >>> > >> > >title=Designed to use .NET Framework Cryptography Model
>> > > >>> > >> >
>> > > >>> > >> > >href=https://dotnetfoundation.org/projects
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > >Should it go instead of Microsoft? Should we mention .NET
>> > code
>> > > in
>> > > >>> > >> addition
>> > > >>> > >> >
>> > > >>> > >> > >to Microsoft?
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Yes, I think we can do this. Ignite targets both of the
>> them.
>> > > And
>> > > >>> .NET
>> > > >>> > >> > Core uses it’s own implementation of standard class
>> library[1]
>> > > >>> > >> >
>> > > >>> > >> > Pavel may correct me.
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > [1] https://github.com/dotnet/corefx
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
>> > > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
>> > > >>> > >> > *To: *dev <de...@ignite.apache.org>
>> > > >>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
>> > > >>> > isapego@apache.org>;
>> > > >>> > >> Pavel
>> > > >>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
>> > > >>> nizhikov@apache.org>
>> > > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the
>> U.S.
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Thanks, Pavel!
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Denis, Pavel, Igniters, please review the following
>> proposal:
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
>> > > >>> > >> >
>> > > >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE
>> > usage.
>> > > >>> > >> >
>> > > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
>> > > >>> > >> >
>> > > >>> > >> > - TDE to be declared as JCA/JCE
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Export matrix data to be published in ASF-level SVN:
>> > > >>> > >> >
>> > > >>> > >> > <<<<<
>> > > >>> > >> >
>> > > >>> > >> > Product Name
>> > > >>> > >> >
>> > > >>> > >> > Apache Ignite
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Versions
>> > > >>> > >> >
>> > > >>> > >> > development
>> > > >>> > >> >
>> > > >>> > >> > 2.7 and later <Earlier versions-TBD?>
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > ECCN
>> > > >>> > >> >
>> > > >>> > >> > 5D002
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Controlled source
>> > > >>> > >> >
>> > > >>> > >> > ASF
>> > > >>> > >> >
>> > > >>> > >> > title=Designed to use with built-in Java Cryptography
>> > > Architecture
>> > > >>> > (JCA)
>> > > >>> > >> >
>> > > >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Oracle
>> > > >>> > >> >
>> > > >>> > >> > title=Designed to use with built-in Java encryption
>> libraries
>> > > >>> (JCE)
>> > > >>> > >> >
>> > > >>> > >> > href=
>> > > >>> > >>
>> > > https://www.oracle.com/technetwork/java/javase/downloads/index.html
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > The OpenSSL Project
>> > > >>> > >> >
>> > > >>> > >> > title=Designed to use General Purpose cryptography library
>> > > >>> included
>> > > >>> > with
>> > > >>> > >> >
>> > > >>> > >> > OpenSSL
>> > > >>> > >> >
>> > > >>> > >> > href=https://www.openssl.org/source/
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Microsoft
>> > > >>> > >> >
>> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
>> > > >>> > >> >
>> > > >>> > >> > href=https://dotnet.microsoft.com/download
>> > > >>> > >> >
>> > > >>> > >> > >>>>>>
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Open questions:
>> > > >>> > >> >
>> > > >>> > >> > 1) Declaring older versions of Ignite.
>> > > >>> > >> >
>> > > >>> > >> > 2) Is it correct to mention that Ignite uses .NET core
>> > > controlled
>> > > >>> by
>> > > >>> > >> .NET
>> > > >>> > >> >
>> > > >>> > >> > Foundation? E.g. as follows:
>> > > >>> > >> >
>> > > >>> > >> > (controlled by)
>> > > >>> > >> >
>> > > >>> > >> > .NET Foundation
>> > > >>> > >> >
>> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
>> > > >>> > >> >
>> > > >>> > >> > href=https://dotnetfoundation.org/projects
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Should it go instead of Microsoft? Should we mention .NET
>> code
>> > > in
>> > > >>> > >> addition
>> > > >>> > >> >
>> > > >>> > >> > to Microsoft?
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > Sincerely,
>> > > >>> > >> >
>> > > >>> > >> > Dmitriy Pavlov
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <
>> > > ptupitsyn@apache.org
>> > > >>> >:
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> > > Hi Denis,
>> > > >>> > >> >
>> > > >>> > >> > >
>> > > >>> > >> >
>> > > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
>> > > >>> security and
>> > > >>> > >> >
>> > > >>> > >> > > cryptographic related code. There are no dependencies on
>> > > >>> external
>> > > >>> > >> >
>> > > >>> > >> > > libraries.
>> > > >>> > >> >
>> > > >>> > >> > >
>> > > >>> > >> >
>> > > >>> > >> > > Thanks
>> > > >>> > >> >
>> > > >>> > >> > >
>> > > >>> > >> >
>> > > >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <
>> dmagda@apache.org>:
>> > > >>> > >> >
>> > > >>> > >> > >
>> > > >>> > >> >
>> > > >>> > >> > > > Igniters,
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > >> >
>> > > >>> > >> > > > Regardless of the fact that Ignite is an open source
>> > > >>> software, ASF
>> > > >>> > >> as
>> > > >>> > >> > an
>> > > >>> > >> >
>> > > >>> > >> > > > entity based in the U.S. has to comply with certain
>> > > exporting
>> > > >>> > >> > regulations
>> > > >>> > >> >
>> > > >>> > >> > > > [1].
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > >> >
>> > > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the
>> > > table
>> > > >>> [2]
>> > > >>> > of
>> > > >>> > >> >
>> > > >>> > >> > > > projects allowed for export and might need the
>> assistance
>> > of
>> > > >>> some
>> > > >>> > of
>> > > >>> > >> > you.
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > >> >
>> > > >>> > >> > > > Here is a list of cryptographic functions used by
>> Ignite
>> > > (and
>> > > >>> > >> provided
>> > > >>> > >> > by
>> > > >>> > >> >
>> > > >>> > >> > > > a 3rd party vendor):
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > >> >
>> > > >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable
>> > > secured
>> > > >>> > >> >
>> > > >>> > >> > > >    connectivity between cluster nodes. Manufacturer -
>> > > >>> > >> Oracle/OpenJDK (
>> > > >>> > >> >
>> > > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
>> > > >>> > >> >
>> > > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
>> > > >>> libraries
>> > > >>> > >> for
>> > > >>> > >> >
>> > > >>> > >> > > >    transparent data encryption of data on disk (
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > https://apacheignite.readme.io/docs/transparent-data-encryption
>> )
>> > > >>> > >> >
>> > > >>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
>> > > >>> Tupitsyn*,
>> > > >>> > >> > could
>> > > >>> > >> >
>> > > >>> > >> > > >    you check?
>> > > >>> > >> >
>> > > >>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL,
>> > TLS,
>> > > >>> > anything
>> > > >>> > >> >
>> > > >>> > >> > > >    else?). *Igor Sapego*, could you please check?
>> > > >>> > >> >
>> > > >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS
>> SSL/TLS?
>> > > >>> *Dear
>> > > >>> > thin
>> > > >>> > >> >
>> > > >>> > >> > > >    client contributors*, please facilitate.
>> > > >>> > >> >
>> > > >>> > >> > > >    6. Anything else missing from the list? We don't
>> have
>> > any
>> > > >>> > custom
>> > > >>> > >> >
>> > > >>> > >> > > >    crypto features, right?
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > >> >
>> > > >>> > >> > > > All of these usages/integrations have to comply with
>> the
>> > > >>> following
>> > > >>> > >> >
>> > > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a
>> notice to
>> > > >>> Export
>> > > >>> > >> >
>> > > >>> > >> > > > Administration Regulations of the U.S.A.
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > >> >
>> > > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
>> > > >>> > >> >
>> > > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
>> > > >>> > >> >
>> > > >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > >> >
>> > > >>> > >> > > > -
>> > > >>> > >> >
>> > > >>> > >> > > > Denis
>> > > >>> > >> >
>> > > >>> > >> > > >
>> > > >>> > >> >
>> > > >>> > >> > >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >> >
>> > > >>> > >>
>> > > >>> > >
>> > > >>> >
>> > > >>>
>> > > >>
>> > >
>> >
>>
>

Re: Signing off Ignite for export beyond the U.S.

[Denis Magda <dm...@apache.org>]

Dmitry,

I've updated the ASF website by including Ignite to the exports matrix [1].
Plus, notified the controlling U.S. entities on the matter.

Could you please do one more favor and help to close these two items
(flying on a plane and a poor Internet connection makes it impossible to
check them off on my end)?

   - Update README.txt in Ignite master with the content prepared earlier
   by you
   - Copy content of this doc [2] to Ignite Wiki

[1] http://www.apache.org/licenses/exports/
[2]
https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing

-
Denis


On Wed, Jun 19, 2019 at 2:47 PM Dmitriy Pavlov <dp...@apache.org> wrote:

> Pavel replied to me in private: encryption is available since 2.4 for .Net
> thin client.
>
> I've also modified source XML
>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
>
>
> чт, 20 июн. 2019 г. в 00:10, Denis Magda <dm...@gridgain.com>:
>
> > Pavel,
> >
> > I still have no info related to starting version of .NET encryption
> > > support. So I supposed it was 1.5.
> >
> >
> > Could you please help with this last open item?
> >
> > Dmitry, thanks for the final summary. I'll contact ASF folks trying to
> find
> > the ASF website dev instructions.
> >
> >
> > --
> > Denis Magda
> >
> >
> > On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <dp...@apache.org>
> > wrote:
> >
> > > Hi Denis,
> > >
> > > I still have no info related to starting version of .NET encryption
> > > support. So I supposed it was 1.5.
> > >
> > > I've started both XSTLs and added an example of both XLTs output to
> > google
> > > doc tabs. One transformer is for email template generation (requires
> > > project name), another is for the site table.
> > >
> > > Only one TODO now left in the PR version of the update. All other stuff
> > is
> > > ready for publishing:
> > >
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> > >
> > > Sincerely,
> > > Dmitriy Pavlov
> > >
> > > P.S. I'm not sure that dev. the list will keep formatting, but anyway
> > here
> > > is transformer output example as text.
> > >
> > > Apache Ignite Project
> > > Product Name Versions ECCN
> > > Controlled Source
> > > Apache Ignite development 5D002
> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
> > Inc.,
> > > The Eclipse Foundation
> > > 2.5.0 - latest 5D002
> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
> > Inc.,
> > > The Eclipse Foundation
> > > 1.5.0.final - 2.4.0 5D002
> > > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
> > > Foundation
> > > 1.0.0 - 1.5.0-b1 5D002
> > > ASF, Oracle, JCraft, Inc., The Eclipse Foundation
> > >
> > > ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dp...@apache.org>:
> > >
> > > > Igniters,
> > > >
> > > > as for older versions, I've started to collect information of crypto
> > > > providers usages in older versions, please help me to finalize this
> doc
> > > so
> > > > I could prepare a declaration of older versions.
> > > >
> > > >
> > > >
> > >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> > > >
> > > > I'm not sure if the time of Incubation counts, but, anyway, let'
> > collect
> > > > information about the history of modules.
> > > >
> > > > Sincerely,
> > > > Dmitriy Pavlov
> > > >
> > > > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dp...@apache.org>:
> > > >
> > > >> Hi Denis,
> > > >>
> > > >> Build process seems to be mentioned only here
> > > >> https://www.apache.org/dev/crypto.html#sources It also mentions
> some
> > > >> bisnotice XSLT transformation, which is available at SVN here
> > > >>
> > >
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> > > >>
> > > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> > > >>
> > >
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> > > >> is more appropriate. I will test it locally.
> > > >>
> > > >> The only thing I've found for now is the following scripts at the
> root
> > > of
> > > >> SVN here
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> > > >> bisnotice.cmd
> > > >> bisnotice.sh
> > > >>
> > > >> Sincerely,
> > > >> Dmitriy Pavlov
> > > >>
> > > >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dm...@apache.org>:
> > > >>
> > > >>> Dmitriy,
> > > >>>
> > > >>> I think that it's required to enlist all of the publicly released
> > > Ignite
> > > >>> versions (available for download from the website). It means that
> the
> > > XML
> > > >>> should have the following controlled sources grouped by Ignite
> > > versions'
> > > >>> ranges.
> > > >>>
> > > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
> > > Foundation
> > > >>>    - Ignite 1.5.0 and later: all of the controller versions listed
> by
> > > >>> you.
> > > >>>
> > > >>> Not sure about JCraft only. What was the first Ignite version the
> lib
> > > was
> > > >>> added to?
> > > >>>
> > > >>> As for .NET versions declarations, I'm for the way it handled right
> > now
> > > >>> by
> > > >>> you. Btw, do you know where ASF explains the website build process?
> > > >>> Failed
> > > >>> to find it, it's not enough just to update the XML.
> > > >>>
> > > >>> Finally, looping in Garrett who can help with the editorial review.
> > > >>> Garrett, could you please review README.txt from this pull-request?
> > > >>>
> > > >>>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > > >>>
> > > >>>
> > > >>> -
> > > >>> Denis
> > > >>>
> > > >>>
> > > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dpavlov@apache.org
> >
> > > >>> wrote:
> > > >>>
> > > >>> > Igniters,
> > > >>> >
> > > >>> > please review crypto notice in
> > > >>> >
> > > >>> >
> > > >>>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > > >>> >
> > > >>> > Only 2 open questions: about declaring released versions, and
> about
> > > >>> > declaring .NET versions (.NET Core & . NET Classic). By default,
> I
> > > >>> propose
> > > >>> > to keep both.
> > > >>> >
> > > >>> > Sincerely,
> > > >>> > Dmitriy Pavlov
> > > >>> >
> > > >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dpavlov@apache.org
> >:
> > > >>> >
> > > >>> > > Pavel,
> > > >>> > >
> > > >>> > > we need to follow the process from
> > > >>> > > https://www.apache.org/dev/crypto.html#classify
> > > >>> > >
> > > >>> > > Please see similar products in the draft export matrix,
> > > >>> > >
> > > >>> > >
> > > >>> >
> > > >>>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > > >>> > >
> > > >>> > >
> > > >>> > > We don't ship JDK, but we designed our product to use a
> > > cryptographic
> > > >>> > > feature from this 3rd party product, so we need to follow this
> > > >>> process
> > > >>> > and
> > > >>> > > provide matrix update, add CRYPTO notice (I'll draft it).
> > > >>> > >
> > > >>> > > Other products don't declare all possible JDKs -
> > > >>> > > http://www.apache.org/licenses/exports/#matrix So, probably,
> one
> > > >>> > > declaration of .NET classic (Microsoft) would be enough.
> > > >>> > >
> > > >>> > > Sincerely,
> > > >>> > > Dmitriy Pavlov
> > > >>> > >
> > > >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <
> > ptupitsyn@apache.org
> > > >:
> > > >>> > >
> > > >>> > >> >>Should it go instead of Microsoft? Should we mention .NET
> code
> > > in
> > > >>> > >> addition
> > > >>> > >>
> > > >>> > >> >>to Microsoft?
> > > >>> > >>
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> >Yes, I think we can do this. Ignite targets both of the them.
> > And
> > > >>> .NET
> > > >>> > >> Core uses it’s own implementation of standard class library[1]
> > > >>> > >>
> > > >>> > >> >Pavel may correct me.
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> We use crypto APIs from standard class library. We ship our
> > > >>> binaries,
> > > >>> > but
> > > >>> > >> we don't ship the framework binaries.
> > > >>> > >>
> > > >>> > >> Our binaries can be executed with .NET Core (open-source, MIT
> > > >>> license),
> > > >>> > >> Mono (open-source, MIT license), and .NET Classic (old
> > framework,
> > > >>> > >> Windows-only, Microsoft license).
> > > >>> > >>
> > > >>> > >> I'm still not sure what is the question we are trying to
> answer,
> > > >>> though.
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> Thanks,
> > > >>> > >>
> > > >>> > >> Pavel
> > > >>> > >>
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
> > > lexwert@gmail.com
> > > >>> >
> > > >>> > >> wrote:
> > > >>> > >>
> > > >>> > >> > >1) Declaring older versions of Ignite.
> > > >>> > >> >
> > > >>> > >> > >2) Is it correct to mention that Ignite uses .NET core
> > > >>> controlled by
> > > >>> > >> .NET
> > > >>> > >> >
> > > >>> > >> > >Foundation? E.g. as follows:
> > > >>> > >> >
> > > >>> > >> > >(controlled by)
> > > >>> > >> >
> > > >>> > >> > >.NET Foundation
> > > >>> > >> >
> > > >>> > >> > >title=Designed to use .NET Framework Cryptography Model
> > > >>> > >> >
> > > >>> > >> > >href=https://dotnetfoundation.org/projects
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > >Should it go instead of Microsoft? Should we mention .NET
> > code
> > > in
> > > >>> > >> addition
> > > >>> > >> >
> > > >>> > >> > >to Microsoft?
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Yes, I think we can do this. Ignite targets both of the
> them.
> > > And
> > > >>> .NET
> > > >>> > >> > Core uses it’s own implementation of standard class
> library[1]
> > > >>> > >> >
> > > >>> > >> > Pavel may correct me.
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > [1] https://github.com/dotnet/corefx
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
> > > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > > >>> > >> > *To: *dev <de...@ignite.apache.org>
> > > >>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
> > > >>> > isapego@apache.org>;
> > > >>> > >> Pavel
> > > >>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
> > > >>> nizhikov@apache.org>
> > > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Thanks, Pavel!
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Denis, Pavel, Igniters, please review the following
> proposal:
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> > > >>> > >> >
> > > >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE
> > usage.
> > > >>> > >> >
> > > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> > > >>> > >> >
> > > >>> > >> > - TDE to be declared as JCA/JCE
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Export matrix data to be published in ASF-level SVN:
> > > >>> > >> >
> > > >>> > >> > <<<<<
> > > >>> > >> >
> > > >>> > >> > Product Name
> > > >>> > >> >
> > > >>> > >> > Apache Ignite
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Versions
> > > >>> > >> >
> > > >>> > >> > development
> > > >>> > >> >
> > > >>> > >> > 2.7 and later <Earlier versions-TBD?>
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > ECCN
> > > >>> > >> >
> > > >>> > >> > 5D002
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Controlled source
> > > >>> > >> >
> > > >>> > >> > ASF
> > > >>> > >> >
> > > >>> > >> > title=Designed to use with built-in Java Cryptography
> > > Architecture
> > > >>> > (JCA)
> > > >>> > >> >
> > > >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Oracle
> > > >>> > >> >
> > > >>> > >> > title=Designed to use with built-in Java encryption
> libraries
> > > >>> (JCE)
> > > >>> > >> >
> > > >>> > >> > href=
> > > >>> > >>
> > > https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > The OpenSSL Project
> > > >>> > >> >
> > > >>> > >> > title=Designed to use General Purpose cryptography library
> > > >>> included
> > > >>> > with
> > > >>> > >> >
> > > >>> > >> > OpenSSL
> > > >>> > >> >
> > > >>> > >> > href=https://www.openssl.org/source/
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Microsoft
> > > >>> > >> >
> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > > >>> > >> >
> > > >>> > >> > href=https://dotnet.microsoft.com/download
> > > >>> > >> >
> > > >>> > >> > >>>>>>
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Open questions:
> > > >>> > >> >
> > > >>> > >> > 1) Declaring older versions of Ignite.
> > > >>> > >> >
> > > >>> > >> > 2) Is it correct to mention that Ignite uses .NET core
> > > controlled
> > > >>> by
> > > >>> > >> .NET
> > > >>> > >> >
> > > >>> > >> > Foundation? E.g. as follows:
> > > >>> > >> >
> > > >>> > >> > (controlled by)
> > > >>> > >> >
> > > >>> > >> > .NET Foundation
> > > >>> > >> >
> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > > >>> > >> >
> > > >>> > >> > href=https://dotnetfoundation.org/projects
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Should it go instead of Microsoft? Should we mention .NET
> code
> > > in
> > > >>> > >> addition
> > > >>> > >> >
> > > >>> > >> > to Microsoft?
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Sincerely,
> > > >>> > >> >
> > > >>> > >> > Dmitriy Pavlov
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <
> > > ptupitsyn@apache.org
> > > >>> >:
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > > Hi Denis,
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
> > > >>> security and
> > > >>> > >> >
> > > >>> > >> > > cryptographic related code. There are no dependencies on
> > > >>> external
> > > >>> > >> >
> > > >>> > >> > > libraries.
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > Thanks
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dmagda@apache.org
> >:
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > > Igniters,
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > Regardless of the fact that Ignite is an open source
> > > >>> software, ASF
> > > >>> > >> as
> > > >>> > >> > an
> > > >>> > >> >
> > > >>> > >> > > > entity based in the U.S. has to comply with certain
> > > exporting
> > > >>> > >> > regulations
> > > >>> > >> >
> > > >>> > >> > > > [1].
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the
> > > table
> > > >>> [2]
> > > >>> > of
> > > >>> > >> >
> > > >>> > >> > > > projects allowed for export and might need the
> assistance
> > of
> > > >>> some
> > > >>> > of
> > > >>> > >> > you.
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > Here is a list of cryptographic functions used by Ignite
> > > (and
> > > >>> > >> provided
> > > >>> > >> > by
> > > >>> > >> >
> > > >>> > >> > > > a 3rd party vendor):
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable
> > > secured
> > > >>> > >> >
> > > >>> > >> > > >    connectivity between cluster nodes. Manufacturer -
> > > >>> > >> Oracle/OpenJDK (
> > > >>> > >> >
> > > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > > >>> > >> >
> > > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
> > > >>> libraries
> > > >>> > >> for
> > > >>> > >> >
> > > >>> > >> > > >    transparent data encryption of data on disk (
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> > > >>> > >> >
> > > >>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
> > > >>> Tupitsyn*,
> > > >>> > >> > could
> > > >>> > >> >
> > > >>> > >> > > >    you check?
> > > >>> > >> >
> > > >>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL,
> > TLS,
> > > >>> > anything
> > > >>> > >> >
> > > >>> > >> > > >    else?). *Igor Sapego*, could you please check?
> > > >>> > >> >
> > > >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS
> SSL/TLS?
> > > >>> *Dear
> > > >>> > thin
> > > >>> > >> >
> > > >>> > >> > > >    client contributors*, please facilitate.
> > > >>> > >> >
> > > >>> > >> > > >    6. Anything else missing from the list? We don't have
> > any
> > > >>> > custom
> > > >>> > >> >
> > > >>> > >> > > >    crypto features, right?
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > All of these usages/integrations have to comply with the
> > > >>> following
> > > >>> > >> >
> > > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice
> to
> > > >>> Export
> > > >>> > >> >
> > > >>> > >> > > > Administration Regulations of the U.S.A.
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> > > >>> > >> >
> > > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> > > >>> > >> >
> > > >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > -
> > > >>> > >> >
> > > >>> > >> > > > Denis
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >>
> > > >>> > >
> > > >>> >
> > > >>>
> > > >>
> > >
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Pavel replied to me in private: encryption is available since 2.4 for .Net
thin client.

I've also modified source XML
https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8


чт, 20 июн. 2019 г. в 00:10, Denis Magda <dm...@gridgain.com>:

> Pavel,
>
> I still have no info related to starting version of .NET encryption
> > support. So I supposed it was 1.5.
>
>
> Could you please help with this last open item?
>
> Dmitry, thanks for the final summary. I'll contact ASF folks trying to find
> the ASF website dev instructions.
>
>
> --
> Denis Magda
>
>
> On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <dp...@apache.org>
> wrote:
>
> > Hi Denis,
> >
> > I still have no info related to starting version of .NET encryption
> > support. So I supposed it was 1.5.
> >
> > I've started both XSTLs and added an example of both XLTs output to
> google
> > doc tabs. One transformer is for email template generation (requires
> > project name), another is for the site table.
> >
> > Only one TODO now left in the PR version of the update. All other stuff
> is
> > ready for publishing:
> >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> >
> > Sincerely,
> > Dmitriy Pavlov
> >
> > P.S. I'm not sure that dev. the list will keep formatting, but anyway
> here
> > is transformer output example as text.
> >
> > Apache Ignite Project
> > Product Name Versions ECCN
> > Controlled Source
> > Apache Ignite development 5D002
> > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
> Inc.,
> > The Eclipse Foundation
> > 2.5.0 - latest 5D002
> > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
> Inc.,
> > The Eclipse Foundation
> > 1.5.0.final - 2.4.0 5D002
> > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
> > Foundation
> > 1.0.0 - 1.5.0-b1 5D002
> > ASF, Oracle, JCraft, Inc., The Eclipse Foundation
> >
> > ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dp...@apache.org>:
> >
> > > Igniters,
> > >
> > > as for older versions, I've started to collect information of crypto
> > > providers usages in older versions, please help me to finalize this doc
> > so
> > > I could prepare a declaration of older versions.
> > >
> > >
> > >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> > >
> > > I'm not sure if the time of Incubation counts, but, anyway, let'
> collect
> > > information about the history of modules.
> > >
> > > Sincerely,
> > > Dmitriy Pavlov
> > >
> > > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dp...@apache.org>:
> > >
> > >> Hi Denis,
> > >>
> > >> Build process seems to be mentioned only here
> > >> https://www.apache.org/dev/crypto.html#sources It also mentions some
> > >> bisnotice XSLT transformation, which is available at SVN here
> > >>
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> > >>
> > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> > >>
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> > >> is more appropriate. I will test it locally.
> > >>
> > >> The only thing I've found for now is the following scripts at the root
> > of
> > >> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> > >> bisnotice.cmd
> > >> bisnotice.sh
> > >>
> > >> Sincerely,
> > >> Dmitriy Pavlov
> > >>
> > >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dm...@apache.org>:
> > >>
> > >>> Dmitriy,
> > >>>
> > >>> I think that it's required to enlist all of the publicly released
> > Ignite
> > >>> versions (available for download from the website). It means that the
> > XML
> > >>> should have the following controlled sources grouped by Ignite
> > versions'
> > >>> ranges.
> > >>>
> > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
> > Foundation
> > >>>    - Ignite 1.5.0 and later: all of the controller versions listed by
> > >>> you.
> > >>>
> > >>> Not sure about JCraft only. What was the first Ignite version the lib
> > was
> > >>> added to?
> > >>>
> > >>> As for .NET versions declarations, I'm for the way it handled right
> now
> > >>> by
> > >>> you. Btw, do you know where ASF explains the website build process?
> > >>> Failed
> > >>> to find it, it's not enough just to update the XML.
> > >>>
> > >>> Finally, looping in Garrett who can help with the editorial review.
> > >>> Garrett, could you please review README.txt from this pull-request?
> > >>>
> > >>>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > >>>
> > >>>
> > >>> -
> > >>> Denis
> > >>>
> > >>>
> > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dp...@apache.org>
> > >>> wrote:
> > >>>
> > >>> > Igniters,
> > >>> >
> > >>> > please review crypto notice in
> > >>> >
> > >>> >
> > >>>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > >>> >
> > >>> > Only 2 open questions: about declaring released versions, and about
> > >>> > declaring .NET versions (.NET Core & . NET Classic). By default, I
> > >>> propose
> > >>> > to keep both.
> > >>> >
> > >>> > Sincerely,
> > >>> > Dmitriy Pavlov
> > >>> >
> > >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dp...@apache.org>:
> > >>> >
> > >>> > > Pavel,
> > >>> > >
> > >>> > > we need to follow the process from
> > >>> > > https://www.apache.org/dev/crypto.html#classify
> > >>> > >
> > >>> > > Please see similar products in the draft export matrix,
> > >>> > >
> > >>> > >
> > >>> >
> > >>>
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > >>> > >
> > >>> > >
> > >>> > > We don't ship JDK, but we designed our product to use a
> > cryptographic
> > >>> > > feature from this 3rd party product, so we need to follow this
> > >>> process
> > >>> > and
> > >>> > > provide matrix update, add CRYPTO notice (I'll draft it).
> > >>> > >
> > >>> > > Other products don't declare all possible JDKs -
> > >>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
> > >>> > > declaration of .NET classic (Microsoft) would be enough.
> > >>> > >
> > >>> > > Sincerely,
> > >>> > > Dmitriy Pavlov
> > >>> > >
> > >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <
> ptupitsyn@apache.org
> > >:
> > >>> > >
> > >>> > >> >>Should it go instead of Microsoft? Should we mention .NET code
> > in
> > >>> > >> addition
> > >>> > >>
> > >>> > >> >>to Microsoft?
> > >>> > >>
> > >>> > >>
> > >>> > >>
> > >>> > >> >Yes, I think we can do this. Ignite targets both of the them.
> And
> > >>> .NET
> > >>> > >> Core uses it’s own implementation of standard class library[1]
> > >>> > >>
> > >>> > >> >Pavel may correct me.
> > >>> > >>
> > >>> > >>
> > >>> > >> We use crypto APIs from standard class library. We ship our
> > >>> binaries,
> > >>> > but
> > >>> > >> we don't ship the framework binaries.
> > >>> > >>
> > >>> > >> Our binaries can be executed with .NET Core (open-source, MIT
> > >>> license),
> > >>> > >> Mono (open-source, MIT license), and .NET Classic (old
> framework,
> > >>> > >> Windows-only, Microsoft license).
> > >>> > >>
> > >>> > >> I'm still not sure what is the question we are trying to answer,
> > >>> though.
> > >>> > >>
> > >>> > >>
> > >>> > >> Thanks,
> > >>> > >>
> > >>> > >> Pavel
> > >>> > >>
> > >>> > >>
> > >>> > >>
> > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
> > lexwert@gmail.com
> > >>> >
> > >>> > >> wrote:
> > >>> > >>
> > >>> > >> > >1) Declaring older versions of Ignite.
> > >>> > >> >
> > >>> > >> > >2) Is it correct to mention that Ignite uses .NET core
> > >>> controlled by
> > >>> > >> .NET
> > >>> > >> >
> > >>> > >> > >Foundation? E.g. as follows:
> > >>> > >> >
> > >>> > >> > >(controlled by)
> > >>> > >> >
> > >>> > >> > >.NET Foundation
> > >>> > >> >
> > >>> > >> > >title=Designed to use .NET Framework Cryptography Model
> > >>> > >> >
> > >>> > >> > >href=https://dotnetfoundation.org/projects
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > >Should it go instead of Microsoft? Should we mention .NET
> code
> > in
> > >>> > >> addition
> > >>> > >> >
> > >>> > >> > >to Microsoft?
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Yes, I think we can do this. Ignite targets both of the them.
> > And
> > >>> .NET
> > >>> > >> > Core uses it’s own implementation of standard class library[1]
> > >>> > >> >
> > >>> > >> > Pavel may correct me.
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > [1] https://github.com/dotnet/corefx
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
> > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > >>> > >> > *To: *dev <de...@ignite.apache.org>
> > >>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
> > >>> > isapego@apache.org>;
> > >>> > >> Pavel
> > >>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
> > >>> nizhikov@apache.org>
> > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Thanks, Pavel!
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Denis, Pavel, Igniters, please review the following proposal:
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> > >>> > >> >
> > >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE
> usage.
> > >>> > >> >
> > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> > >>> > >> >
> > >>> > >> > - TDE to be declared as JCA/JCE
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Export matrix data to be published in ASF-level SVN:
> > >>> > >> >
> > >>> > >> > <<<<<
> > >>> > >> >
> > >>> > >> > Product Name
> > >>> > >> >
> > >>> > >> > Apache Ignite
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Versions
> > >>> > >> >
> > >>> > >> > development
> > >>> > >> >
> > >>> > >> > 2.7 and later <Earlier versions-TBD?>
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > ECCN
> > >>> > >> >
> > >>> > >> > 5D002
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Controlled source
> > >>> > >> >
> > >>> > >> > ASF
> > >>> > >> >
> > >>> > >> > title=Designed to use with built-in Java Cryptography
> > Architecture
> > >>> > (JCA)
> > >>> > >> >
> > >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Oracle
> > >>> > >> >
> > >>> > >> > title=Designed to use with built-in Java encryption libraries
> > >>> (JCE)
> > >>> > >> >
> > >>> > >> > href=
> > >>> > >>
> > https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > The OpenSSL Project
> > >>> > >> >
> > >>> > >> > title=Designed to use General Purpose cryptography library
> > >>> included
> > >>> > with
> > >>> > >> >
> > >>> > >> > OpenSSL
> > >>> > >> >
> > >>> > >> > href=https://www.openssl.org/source/
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Microsoft
> > >>> > >> >
> > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > >>> > >> >
> > >>> > >> > href=https://dotnet.microsoft.com/download
> > >>> > >> >
> > >>> > >> > >>>>>>
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Open questions:
> > >>> > >> >
> > >>> > >> > 1) Declaring older versions of Ignite.
> > >>> > >> >
> > >>> > >> > 2) Is it correct to mention that Ignite uses .NET core
> > controlled
> > >>> by
> > >>> > >> .NET
> > >>> > >> >
> > >>> > >> > Foundation? E.g. as follows:
> > >>> > >> >
> > >>> > >> > (controlled by)
> > >>> > >> >
> > >>> > >> > .NET Foundation
> > >>> > >> >
> > >>> > >> > title=Designed to use .NET Framework Cryptography Model
> > >>> > >> >
> > >>> > >> > href=https://dotnetfoundation.org/projects
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Should it go instead of Microsoft? Should we mention .NET code
> > in
> > >>> > >> addition
> > >>> > >> >
> > >>> > >> > to Microsoft?
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > Sincerely,
> > >>> > >> >
> > >>> > >> > Dmitriy Pavlov
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <
> > ptupitsyn@apache.org
> > >>> >:
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> > > Hi Denis,
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
> > >>> security and
> > >>> > >> >
> > >>> > >> > > cryptographic related code. There are no dependencies on
> > >>> external
> > >>> > >> >
> > >>> > >> > > libraries.
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> > > Thanks
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> > > > Igniters,
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > Regardless of the fact that Ignite is an open source
> > >>> software, ASF
> > >>> > >> as
> > >>> > >> > an
> > >>> > >> >
> > >>> > >> > > > entity based in the U.S. has to comply with certain
> > exporting
> > >>> > >> > regulations
> > >>> > >> >
> > >>> > >> > > > [1].
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the
> > table
> > >>> [2]
> > >>> > of
> > >>> > >> >
> > >>> > >> > > > projects allowed for export and might need the assistance
> of
> > >>> some
> > >>> > of
> > >>> > >> > you.
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > Here is a list of cryptographic functions used by Ignite
> > (and
> > >>> > >> provided
> > >>> > >> > by
> > >>> > >> >
> > >>> > >> > > > a 3rd party vendor):
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable
> > secured
> > >>> > >> >
> > >>> > >> > > >    connectivity between cluster nodes. Manufacturer -
> > >>> > >> Oracle/OpenJDK (
> > >>> > >> >
> > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > >>> > >> >
> > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
> > >>> libraries
> > >>> > >> for
> > >>> > >> >
> > >>> > >> > > >    transparent data encryption of data on disk (
> > >>> > >> >
> > >>> > >> > > >
> > >>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> > >>> > >> >
> > >>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
> > >>> Tupitsyn*,
> > >>> > >> > could
> > >>> > >> >
> > >>> > >> > > >    you check?
> > >>> > >> >
> > >>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL,
> TLS,
> > >>> > anything
> > >>> > >> >
> > >>> > >> > > >    else?). *Igor Sapego*, could you please check?
> > >>> > >> >
> > >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS?
> > >>> *Dear
> > >>> > thin
> > >>> > >> >
> > >>> > >> > > >    client contributors*, please facilitate.
> > >>> > >> >
> > >>> > >> > > >    6. Anything else missing from the list? We don't have
> any
> > >>> > custom
> > >>> > >> >
> > >>> > >> > > >    crypto features, right?
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > All of these usages/integrations have to comply with the
> > >>> following
> > >>> > >> >
> > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
> > >>> Export
> > >>> > >> >
> > >>> > >> > > > Administration Regulations of the U.S.A.
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> > >>> > >> >
> > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> > >>> > >> >
> > >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > > > -
> > >>> > >> >
> > >>> > >> > > > Denis
> > >>> > >> >
> > >>> > >> > > >
> > >>> > >> >
> > >>> > >> > >
> > >>> > >> >
> > >>> > >> >
> > >>> > >> >
> > >>> > >>
> > >>> > >
> > >>> >
> > >>>
> > >>
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Denis Magda <dm...@gridgain.com>]

Pavel,

I still have no info related to starting version of .NET encryption
> support. So I supposed it was 1.5.


Could you please help with this last open item?

Dmitry, thanks for the final summary. I'll contact ASF folks trying to find
the ASF website dev instructions.


--
Denis Magda


On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <dp...@apache.org> wrote:

> Hi Denis,
>
> I still have no info related to starting version of .NET encryption
> support. So I supposed it was 1.5.
>
> I've started both XSTLs and added an example of both XLTs output to google
> doc tabs. One transformer is for email template generation (requires
> project name), another is for the site table.
>
> Only one TODO now left in the PR version of the update. All other stuff is
> ready for publishing:
>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
>
> Sincerely,
> Dmitriy Pavlov
>
> P.S. I'm not sure that dev. the list will keep formatting, but anyway here
> is transformer output example as text.
>
> Apache Ignite Project
> Product Name Versions ECCN
> Controlled Source
> Apache Ignite development 5D002
> ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc.,
> The Eclipse Foundation
> 2.5.0 - latest 5D002
> ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc.,
> The Eclipse Foundation
> 1.5.0.final - 2.4.0 5D002
> ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
> Foundation
> 1.0.0 - 1.5.0-b1 5D002
> ASF, Oracle, JCraft, Inc., The Eclipse Foundation
>
> ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dp...@apache.org>:
>
> > Igniters,
> >
> > as for older versions, I've started to collect information of crypto
> > providers usages in older versions, please help me to finalize this doc
> so
> > I could prepare a declaration of older versions.
> >
> >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> >
> > I'm not sure if the time of Incubation counts, but, anyway, let' collect
> > information about the history of modules.
> >
> > Sincerely,
> > Dmitriy Pavlov
> >
> > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dp...@apache.org>:
> >
> >> Hi Denis,
> >>
> >> Build process seems to be mentioned only here
> >> https://www.apache.org/dev/crypto.html#sources It also mentions some
> >> bisnotice XSLT transformation, which is available at SVN here
> >>
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> >>
> >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> >>
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> >> is more appropriate. I will test it locally.
> >>
> >> The only thing I've found for now is the following scripts at the root
> of
> >> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> >> bisnotice.cmd
> >> bisnotice.sh
> >>
> >> Sincerely,
> >> Dmitriy Pavlov
> >>
> >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dm...@apache.org>:
> >>
> >>> Dmitriy,
> >>>
> >>> I think that it's required to enlist all of the publicly released
> Ignite
> >>> versions (available for download from the website). It means that the
> XML
> >>> should have the following controlled sources grouped by Ignite
> versions'
> >>> ranges.
> >>>
> >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
> Foundation
> >>>    - Ignite 1.5.0 and later: all of the controller versions listed by
> >>> you.
> >>>
> >>> Not sure about JCraft only. What was the first Ignite version the lib
> was
> >>> added to?
> >>>
> >>> As for .NET versions declarations, I'm for the way it handled right now
> >>> by
> >>> you. Btw, do you know where ASF explains the website build process?
> >>> Failed
> >>> to find it, it's not enough just to update the XML.
> >>>
> >>> Finally, looping in Garrett who can help with the editorial review.
> >>> Garrett, could you please review README.txt from this pull-request?
> >>>
> >>>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> >>>
> >>>
> >>> -
> >>> Denis
> >>>
> >>>
> >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dp...@apache.org>
> >>> wrote:
> >>>
> >>> > Igniters,
> >>> >
> >>> > please review crypto notice in
> >>> >
> >>> >
> >>>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> >>> >
> >>> > Only 2 open questions: about declaring released versions, and about
> >>> > declaring .NET versions (.NET Core & . NET Classic). By default, I
> >>> propose
> >>> > to keep both.
> >>> >
> >>> > Sincerely,
> >>> > Dmitriy Pavlov
> >>> >
> >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dp...@apache.org>:
> >>> >
> >>> > > Pavel,
> >>> > >
> >>> > > we need to follow the process from
> >>> > > https://www.apache.org/dev/crypto.html#classify
> >>> > >
> >>> > > Please see similar products in the draft export matrix,
> >>> > >
> >>> > >
> >>> >
> >>>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> >>> > >
> >>> > >
> >>> > > We don't ship JDK, but we designed our product to use a
> cryptographic
> >>> > > feature from this 3rd party product, so we need to follow this
> >>> process
> >>> > and
> >>> > > provide matrix update, add CRYPTO notice (I'll draft it).
> >>> > >
> >>> > > Other products don't declare all possible JDKs -
> >>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
> >>> > > declaration of .NET classic (Microsoft) would be enough.
> >>> > >
> >>> > > Sincerely,
> >>> > > Dmitriy Pavlov
> >>> > >
> >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <ptupitsyn@apache.org
> >:
> >>> > >
> >>> > >> >>Should it go instead of Microsoft? Should we mention .NET code
> in
> >>> > >> addition
> >>> > >>
> >>> > >> >>to Microsoft?
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >> >Yes, I think we can do this. Ignite targets both of the them. And
> >>> .NET
> >>> > >> Core uses it’s own implementation of standard class library[1]
> >>> > >>
> >>> > >> >Pavel may correct me.
> >>> > >>
> >>> > >>
> >>> > >> We use crypto APIs from standard class library. We ship our
> >>> binaries,
> >>> > but
> >>> > >> we don't ship the framework binaries.
> >>> > >>
> >>> > >> Our binaries can be executed with .NET Core (open-source, MIT
> >>> license),
> >>> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
> >>> > >> Windows-only, Microsoft license).
> >>> > >>
> >>> > >> I'm still not sure what is the question we are trying to answer,
> >>> though.
> >>> > >>
> >>> > >>
> >>> > >> Thanks,
> >>> > >>
> >>> > >> Pavel
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <
> lexwert@gmail.com
> >>> >
> >>> > >> wrote:
> >>> > >>
> >>> > >> > >1) Declaring older versions of Ignite.
> >>> > >> >
> >>> > >> > >2) Is it correct to mention that Ignite uses .NET core
> >>> controlled by
> >>> > >> .NET
> >>> > >> >
> >>> > >> > >Foundation? E.g. as follows:
> >>> > >> >
> >>> > >> > >(controlled by)
> >>> > >> >
> >>> > >> > >.NET Foundation
> >>> > >> >
> >>> > >> > >title=Designed to use .NET Framework Cryptography Model
> >>> > >> >
> >>> > >> > >href=https://dotnetfoundation.org/projects
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > >Should it go instead of Microsoft? Should we mention .NET code
> in
> >>> > >> addition
> >>> > >> >
> >>> > >> > >to Microsoft?
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Yes, I think we can do this. Ignite targets both of the them.
> And
> >>> .NET
> >>> > >> > Core uses it’s own implementation of standard class library[1]
> >>> > >> >
> >>> > >> > Pavel may correct me.
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > [1] https://github.com/dotnet/corefx
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
> >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> >>> > >> > *To: *dev <de...@ignite.apache.org>
> >>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
> >>> > isapego@apache.org>;
> >>> > >> Pavel
> >>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
> >>> nizhikov@apache.org>
> >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Thanks, Pavel!
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Denis, Pavel, Igniters, please review the following proposal:
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> >>> > >> >
> >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> >>> > >> >
> >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> >>> > >> >
> >>> > >> > - TDE to be declared as JCA/JCE
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Export matrix data to be published in ASF-level SVN:
> >>> > >> >
> >>> > >> > <<<<<
> >>> > >> >
> >>> > >> > Product Name
> >>> > >> >
> >>> > >> > Apache Ignite
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Versions
> >>> > >> >
> >>> > >> > development
> >>> > >> >
> >>> > >> > 2.7 and later <Earlier versions-TBD?>
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > ECCN
> >>> > >> >
> >>> > >> > 5D002
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Controlled source
> >>> > >> >
> >>> > >> > ASF
> >>> > >> >
> >>> > >> > title=Designed to use with built-in Java Cryptography
> Architecture
> >>> > (JCA)
> >>> > >> >
> >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Oracle
> >>> > >> >
> >>> > >> > title=Designed to use with built-in Java encryption libraries
> >>> (JCE)
> >>> > >> >
> >>> > >> > href=
> >>> > >>
> https://www.oracle.com/technetwork/java/javase/downloads/index.html
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > The OpenSSL Project
> >>> > >> >
> >>> > >> > title=Designed to use General Purpose cryptography library
> >>> included
> >>> > with
> >>> > >> >
> >>> > >> > OpenSSL
> >>> > >> >
> >>> > >> > href=https://www.openssl.org/source/
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Microsoft
> >>> > >> >
> >>> > >> > title=Designed to use .NET Framework Cryptography Model
> >>> > >> >
> >>> > >> > href=https://dotnet.microsoft.com/download
> >>> > >> >
> >>> > >> > >>>>>>
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Open questions:
> >>> > >> >
> >>> > >> > 1) Declaring older versions of Ignite.
> >>> > >> >
> >>> > >> > 2) Is it correct to mention that Ignite uses .NET core
> controlled
> >>> by
> >>> > >> .NET
> >>> > >> >
> >>> > >> > Foundation? E.g. as follows:
> >>> > >> >
> >>> > >> > (controlled by)
> >>> > >> >
> >>> > >> > .NET Foundation
> >>> > >> >
> >>> > >> > title=Designed to use .NET Framework Cryptography Model
> >>> > >> >
> >>> > >> > href=https://dotnetfoundation.org/projects
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Should it go instead of Microsoft? Should we mention .NET code
> in
> >>> > >> addition
> >>> > >> >
> >>> > >> > to Microsoft?
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > Sincerely,
> >>> > >> >
> >>> > >> > Dmitriy Pavlov
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <
> ptupitsyn@apache.org
> >>> >:
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >> > > Hi Denis,
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
> >>> security and
> >>> > >> >
> >>> > >> > > cryptographic related code. There are no dependencies on
> >>> external
> >>> > >> >
> >>> > >> > > libraries.
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> > > Thanks
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> > > > Igniters,
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > Regardless of the fact that Ignite is an open source
> >>> software, ASF
> >>> > >> as
> >>> > >> > an
> >>> > >> >
> >>> > >> > > > entity based in the U.S. has to comply with certain
> exporting
> >>> > >> > regulations
> >>> > >> >
> >>> > >> > > > [1].
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the
> table
> >>> [2]
> >>> > of
> >>> > >> >
> >>> > >> > > > projects allowed for export and might need the assistance of
> >>> some
> >>> > of
> >>> > >> > you.
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > Here is a list of cryptographic functions used by Ignite
> (and
> >>> > >> provided
> >>> > >> > by
> >>> > >> >
> >>> > >> > > > a 3rd party vendor):
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable
> secured
> >>> > >> >
> >>> > >> > > >    connectivity between cluster nodes. Manufacturer -
> >>> > >> Oracle/OpenJDK (
> >>> > >> >
> >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> >>> > >> >
> >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
> >>> libraries
> >>> > >> for
> >>> > >> >
> >>> > >> > > >    transparent data encryption of data on disk (
> >>> > >> >
> >>> > >> > > >
> >>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> >>> > >> >
> >>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
> >>> Tupitsyn*,
> >>> > >> > could
> >>> > >> >
> >>> > >> > > >    you check?
> >>> > >> >
> >>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
> >>> > anything
> >>> > >> >
> >>> > >> > > >    else?). *Igor Sapego*, could you please check?
> >>> > >> >
> >>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS?
> >>> *Dear
> >>> > thin
> >>> > >> >
> >>> > >> > > >    client contributors*, please facilitate.
> >>> > >> >
> >>> > >> > > >    6. Anything else missing from the list? We don't have any
> >>> > custom
> >>> > >> >
> >>> > >> > > >    crypto features, right?
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > All of these usages/integrations have to comply with the
> >>> following
> >>> > >> >
> >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
> >>> Export
> >>> > >> >
> >>> > >> > > > Administration Regulations of the U.S.A.
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> >>> > >> >
> >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> >>> > >> >
> >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > > > -
> >>> > >> >
> >>> > >> > > > Denis
> >>> > >> >
> >>> > >> > > >
> >>> > >> >
> >>> > >> > >
> >>> > >> >
> >>> > >> >
> >>> > >> >
> >>> > >>
> >>> > >
> >>> >
> >>>
> >>
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Hi Denis,

I still have no info related to starting version of .NET encryption
support. So I supposed it was 1.5.

I've started both XSTLs and added an example of both XLTs output to google
doc tabs. One transformer is for email template generation (requires
project name), another is for the site table.

Only one TODO now left in the PR version of the update. All other stuff is
ready for publishing:
https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8

Sincerely,
Dmitriy Pavlov

P.S. I'm not sure that dev. the list will keep formatting, but anyway here
is transformer output example as text.

Apache Ignite Project
Product Name Versions ECCN
Controlled Source
Apache Ignite development 5D002
ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc.,
The Eclipse Foundation
2.5.0 - latest 5D002
ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, Inc.,
The Eclipse Foundation
1.5.0.final - 2.4.0 5D002
ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
Foundation
1.0.0 - 1.5.0-b1 5D002
ASF, Oracle, JCraft, Inc., The Eclipse Foundation

ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dp...@apache.org>:

> Igniters,
>
> as for older versions, I've started to collect information of crypto
> providers usages in older versions, please help me to finalize this doc so
> I could prepare a declaration of older versions.
>
>
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
>
> I'm not sure if the time of Incubation counts, but, anyway, let' collect
> information about the history of modules.
>
> Sincerely,
> Dmitriy Pavlov
>
> ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dp...@apache.org>:
>
>> Hi Denis,
>>
>> Build process seems to be mentioned only here
>> https://www.apache.org/dev/crypto.html#sources It also mentions some
>> bisnotice XSLT transformation, which is available at SVN here
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
>>
>> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
>> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
>> is more appropriate. I will test it locally.
>>
>> The only thing I've found for now is the following scripts at the root of
>> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
>> bisnotice.cmd
>> bisnotice.sh
>>
>> Sincerely,
>> Dmitriy Pavlov
>>
>> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dm...@apache.org>:
>>
>>> Dmitriy,
>>>
>>> I think that it's required to enlist all of the publicly released Ignite
>>> versions (available for download from the website). It means that the XML
>>> should have the following controlled sources grouped by Ignite versions'
>>> ranges.
>>>
>>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
>>>    - Ignite 1.5.0 and later: all of the controller versions listed by
>>> you.
>>>
>>> Not sure about JCraft only. What was the first Ignite version the lib was
>>> added to?
>>>
>>> As for .NET versions declarations, I'm for the way it handled right now
>>> by
>>> you. Btw, do you know where ASF explains the website build process?
>>> Failed
>>> to find it, it's not enough just to update the XML.
>>>
>>> Finally, looping in Garrett who can help with the editorial review.
>>> Garrett, could you please review README.txt from this pull-request?
>>>
>>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>>>
>>>
>>> -
>>> Denis
>>>
>>>
>>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dp...@apache.org>
>>> wrote:
>>>
>>> > Igniters,
>>> >
>>> > please review crypto notice in
>>> >
>>> >
>>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>>> >
>>> > Only 2 open questions: about declaring released versions, and about
>>> > declaring .NET versions (.NET Core & . NET Classic). By default, I
>>> propose
>>> > to keep both.
>>> >
>>> > Sincerely,
>>> > Dmitriy Pavlov
>>> >
>>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dp...@apache.org>:
>>> >
>>> > > Pavel,
>>> > >
>>> > > we need to follow the process from
>>> > > https://www.apache.org/dev/crypto.html#classify
>>> > >
>>> > > Please see similar products in the draft export matrix,
>>> > >
>>> > >
>>> >
>>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
>>> > >
>>> > >
>>> > > We don't ship JDK, but we designed our product to use a cryptographic
>>> > > feature from this 3rd party product, so we need to follow this
>>> process
>>> > and
>>> > > provide matrix update, add CRYPTO notice (I'll draft it).
>>> > >
>>> > > Other products don't declare all possible JDKs -
>>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
>>> > > declaration of .NET classic (Microsoft) would be enough.
>>> > >
>>> > > Sincerely,
>>> > > Dmitriy Pavlov
>>> > >
>>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <pt...@apache.org>:
>>> > >
>>> > >> >>Should it go instead of Microsoft? Should we mention .NET code in
>>> > >> addition
>>> > >>
>>> > >> >>to Microsoft?
>>> > >>
>>> > >>
>>> > >>
>>> > >> >Yes, I think we can do this. Ignite targets both of the them. And
>>> .NET
>>> > >> Core uses it’s own implementation of standard class library[1]
>>> > >>
>>> > >> >Pavel may correct me.
>>> > >>
>>> > >>
>>> > >> We use crypto APIs from standard class library. We ship our
>>> binaries,
>>> > but
>>> > >> we don't ship the framework binaries.
>>> > >>
>>> > >> Our binaries can be executed with .NET Core (open-source, MIT
>>> license),
>>> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
>>> > >> Windows-only, Microsoft license).
>>> > >>
>>> > >> I'm still not sure what is the question we are trying to answer,
>>> though.
>>> > >>
>>> > >>
>>> > >> Thanks,
>>> > >>
>>> > >> Pavel
>>> > >>
>>> > >>
>>> > >>
>>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <lexwert@gmail.com
>>> >
>>> > >> wrote:
>>> > >>
>>> > >> > >1) Declaring older versions of Ignite.
>>> > >> >
>>> > >> > >2) Is it correct to mention that Ignite uses .NET core
>>> controlled by
>>> > >> .NET
>>> > >> >
>>> > >> > >Foundation? E.g. as follows:
>>> > >> >
>>> > >> > >(controlled by)
>>> > >> >
>>> > >> > >.NET Foundation
>>> > >> >
>>> > >> > >title=Designed to use .NET Framework Cryptography Model
>>> > >> >
>>> > >> > >href=https://dotnetfoundation.org/projects
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > >Should it go instead of Microsoft? Should we mention .NET code in
>>> > >> addition
>>> > >> >
>>> > >> > >to Microsoft?
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Yes, I think we can do this. Ignite targets both of the them. And
>>> .NET
>>> > >> > Core uses it’s own implementation of standard class library[1]
>>> > >> >
>>> > >> > Pavel may correct me.
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > [1] https://github.com/dotnet/corefx
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
>>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
>>> > >> > *To: *dev <de...@ignite.apache.org>
>>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
>>> > isapego@apache.org>;
>>> > >> Pavel
>>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
>>> nizhikov@apache.org>
>>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Thanks, Pavel!
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Denis, Pavel, Igniters, please review the following proposal:
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
>>> > >> >
>>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
>>> > >> >
>>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
>>> > >> >
>>> > >> > - TDE to be declared as JCA/JCE
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Export matrix data to be published in ASF-level SVN:
>>> > >> >
>>> > >> > <<<<<
>>> > >> >
>>> > >> > Product Name
>>> > >> >
>>> > >> > Apache Ignite
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Versions
>>> > >> >
>>> > >> > development
>>> > >> >
>>> > >> > 2.7 and later <Earlier versions-TBD?>
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > ECCN
>>> > >> >
>>> > >> > 5D002
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Controlled source
>>> > >> >
>>> > >> > ASF
>>> > >> >
>>> > >> > title=Designed to use with built-in Java Cryptography Architecture
>>> > (JCA)
>>> > >> >
>>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Oracle
>>> > >> >
>>> > >> > title=Designed to use with built-in Java encryption libraries
>>> (JCE)
>>> > >> >
>>> > >> > href=
>>> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > The OpenSSL Project
>>> > >> >
>>> > >> > title=Designed to use General Purpose cryptography library
>>> included
>>> > with
>>> > >> >
>>> > >> > OpenSSL
>>> > >> >
>>> > >> > href=https://www.openssl.org/source/
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Microsoft
>>> > >> >
>>> > >> > title=Designed to use .NET Framework Cryptography Model
>>> > >> >
>>> > >> > href=https://dotnet.microsoft.com/download
>>> > >> >
>>> > >> > >>>>>>
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Open questions:
>>> > >> >
>>> > >> > 1) Declaring older versions of Ignite.
>>> > >> >
>>> > >> > 2) Is it correct to mention that Ignite uses .NET core controlled
>>> by
>>> > >> .NET
>>> > >> >
>>> > >> > Foundation? E.g. as follows:
>>> > >> >
>>> > >> > (controlled by)
>>> > >> >
>>> > >> > .NET Foundation
>>> > >> >
>>> > >> > title=Designed to use .NET Framework Cryptography Model
>>> > >> >
>>> > >> > href=https://dotnetfoundation.org/projects
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Should it go instead of Microsoft? Should we mention .NET code in
>>> > >> addition
>>> > >> >
>>> > >> > to Microsoft?
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > Sincerely,
>>> > >> >
>>> > >> > Dmitriy Pavlov
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <ptupitsyn@apache.org
>>> >:
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >> > > Hi Denis,
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > Ignite.NET uses .NET Framework Standard Library for all
>>> security and
>>> > >> >
>>> > >> > > cryptographic related code. There are no dependencies on
>>> external
>>> > >> >
>>> > >> > > libraries.
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > Thanks
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> > > > Igniters,
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > Regardless of the fact that Ignite is an open source
>>> software, ASF
>>> > >> as
>>> > >> > an
>>> > >> >
>>> > >> > > > entity based in the U.S. has to comply with certain exporting
>>> > >> > regulations
>>> > >> >
>>> > >> > > > [1].
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the table
>>> [2]
>>> > of
>>> > >> >
>>> > >> > > > projects allowed for export and might need the assistance of
>>> some
>>> > of
>>> > >> > you.
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > Here is a list of cryptographic functions used by Ignite (and
>>> > >> provided
>>> > >> > by
>>> > >> >
>>> > >> > > > a 3rd party vendor):
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
>>> > >> >
>>> > >> > > >    connectivity between cluster nodes. Manufacturer -
>>> > >> Oracle/OpenJDK (
>>> > >> >
>>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
>>> > >> >
>>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
>>> libraries
>>> > >> for
>>> > >> >
>>> > >> > > >    transparent data encryption of data on disk (
>>> > >> >
>>> > >> > > >
>>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
>>> > >> >
>>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
>>> Tupitsyn*,
>>> > >> > could
>>> > >> >
>>> > >> > > >    you check?
>>> > >> >
>>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
>>> > anything
>>> > >> >
>>> > >> > > >    else?). *Igor Sapego*, could you please check?
>>> > >> >
>>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS?
>>> *Dear
>>> > thin
>>> > >> >
>>> > >> > > >    client contributors*, please facilitate.
>>> > >> >
>>> > >> > > >    6. Anything else missing from the list? We don't have any
>>> > custom
>>> > >> >
>>> > >> > > >    crypto features, right?
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > All of these usages/integrations have to comply with the
>>> following
>>> > >> >
>>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
>>> Export
>>> > >> >
>>> > >> > > > Administration Regulations of the U.S.A.
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > [1] http://www.apache.org/licenses/exports/
>>> > >> >
>>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
>>> > >> >
>>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > > > -
>>> > >> >
>>> > >> > > > Denis
>>> > >> >
>>> > >> > > >
>>> > >> >
>>> > >> > >
>>> > >> >
>>> > >> >
>>> > >> >
>>> > >>
>>> > >
>>> >
>>>
>>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Igniters,

as for older versions, I've started to collect information of crypto
providers usages in older versions, please help me to finalize this doc so
I could prepare a declaration of older versions.

https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing

I'm not sure if the time of Incubation counts, but, anyway, let' collect
information about the history of modules.

Sincerely,
Dmitriy Pavlov

ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dp...@apache.org>:

> Hi Denis,
>
> Build process seems to be mentioned only here
> https://www.apache.org/dev/crypto.html#sources It also mentions some
> bisnotice XSLT transformation, which is available at SVN here
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
>
> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> is more appropriate. I will test it locally.
>
> The only thing I've found for now is the following scripts at the root of
> SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> bisnotice.cmd
> bisnotice.sh
>
> Sincerely,
> Dmitriy Pavlov
>
> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dm...@apache.org>:
>
>> Dmitriy,
>>
>> I think that it's required to enlist all of the publicly released Ignite
>> versions (available for download from the website). It means that the XML
>> should have the following controlled sources grouped by Ignite versions'
>> ranges.
>>
>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
>>    - Ignite 1.5.0 and later: all of the controller versions listed by you.
>>
>> Not sure about JCraft only. What was the first Ignite version the lib was
>> added to?
>>
>> As for .NET versions declarations, I'm for the way it handled right now by
>> you. Btw, do you know where ASF explains the website build process? Failed
>> to find it, it's not enough just to update the XML.
>>
>> Finally, looping in Garrett who can help with the editorial review.
>> Garrett, could you please review README.txt from this pull-request?
>>
>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>>
>>
>> -
>> Denis
>>
>>
>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dp...@apache.org>
>> wrote:
>>
>> > Igniters,
>> >
>> > please review crypto notice in
>> >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>> >
>> > Only 2 open questions: about declaring released versions, and about
>> > declaring .NET versions (.NET Core & . NET Classic). By default, I
>> propose
>> > to keep both.
>> >
>> > Sincerely,
>> > Dmitriy Pavlov
>> >
>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dp...@apache.org>:
>> >
>> > > Pavel,
>> > >
>> > > we need to follow the process from
>> > > https://www.apache.org/dev/crypto.html#classify
>> > >
>> > > Please see similar products in the draft export matrix,
>> > >
>> > >
>> >
>> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
>> > >
>> > >
>> > > We don't ship JDK, but we designed our product to use a cryptographic
>> > > feature from this 3rd party product, so we need to follow this process
>> > and
>> > > provide matrix update, add CRYPTO notice (I'll draft it).
>> > >
>> > > Other products don't declare all possible JDKs -
>> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
>> > > declaration of .NET classic (Microsoft) would be enough.
>> > >
>> > > Sincerely,
>> > > Dmitriy Pavlov
>> > >
>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <pt...@apache.org>:
>> > >
>> > >> >>Should it go instead of Microsoft? Should we mention .NET code in
>> > >> addition
>> > >>
>> > >> >>to Microsoft?
>> > >>
>> > >>
>> > >>
>> > >> >Yes, I think we can do this. Ignite targets both of the them. And
>> .NET
>> > >> Core uses it’s own implementation of standard class library[1]
>> > >>
>> > >> >Pavel may correct me.
>> > >>
>> > >>
>> > >> We use crypto APIs from standard class library. We ship our binaries,
>> > but
>> > >> we don't ship the framework binaries.
>> > >>
>> > >> Our binaries can be executed with .NET Core (open-source, MIT
>> license),
>> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
>> > >> Windows-only, Microsoft license).
>> > >>
>> > >> I'm still not sure what is the question we are trying to answer,
>> though.
>> > >>
>> > >>
>> > >> Thanks,
>> > >>
>> > >> Pavel
>> > >>
>> > >>
>> > >>
>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <le...@gmail.com>
>> > >> wrote:
>> > >>
>> > >> > >1) Declaring older versions of Ignite.
>> > >> >
>> > >> > >2) Is it correct to mention that Ignite uses .NET core controlled
>> by
>> > >> .NET
>> > >> >
>> > >> > >Foundation? E.g. as follows:
>> > >> >
>> > >> > >(controlled by)
>> > >> >
>> > >> > >.NET Foundation
>> > >> >
>> > >> > >title=Designed to use .NET Framework Cryptography Model
>> > >> >
>> > >> > >href=https://dotnetfoundation.org/projects
>> > >> >
>> > >> >
>> > >> >
>> > >> > >Should it go instead of Microsoft? Should we mention .NET code in
>> > >> addition
>> > >> >
>> > >> > >to Microsoft?
>> > >> >
>> > >> >
>> > >> >
>> > >> > Yes, I think we can do this. Ignite targets both of the them. And
>> .NET
>> > >> > Core uses it’s own implementation of standard class library[1]
>> > >> >
>> > >> > Pavel may correct me.
>> > >> >
>> > >> >
>> > >> >
>> > >> > [1] https://github.com/dotnet/corefx
>> > >> >
>> > >> >
>> > >> >
>> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
>> > >> > *To: *dev <de...@ignite.apache.org>
>> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
>> > isapego@apache.org>;
>> > >> Pavel
>> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <
>> nizhikov@apache.org>
>> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
>> > >> >
>> > >> >
>> > >> >
>> > >> > Thanks, Pavel!
>> > >> >
>> > >> >
>> > >> >
>> > >> > Denis, Pavel, Igniters, please review the following proposal:
>> > >> >
>> > >> >
>> > >> >
>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
>> > >> >
>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
>> > >> >
>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
>> > >> >
>> > >> > - TDE to be declared as JCA/JCE
>> > >> >
>> > >> >
>> > >> >
>> > >> > Export matrix data to be published in ASF-level SVN:
>> > >> >
>> > >> > <<<<<
>> > >> >
>> > >> > Product Name
>> > >> >
>> > >> > Apache Ignite
>> > >> >
>> > >> >
>> > >> >
>> > >> > Versions
>> > >> >
>> > >> > development
>> > >> >
>> > >> > 2.7 and later <Earlier versions-TBD?>
>> > >> >
>> > >> >
>> > >> >
>> > >> > ECCN
>> > >> >
>> > >> > 5D002
>> > >> >
>> > >> >
>> > >> >
>> > >> > Controlled source
>> > >> >
>> > >> > ASF
>> > >> >
>> > >> > title=Designed to use with built-in Java Cryptography Architecture
>> > (JCA)
>> > >> >
>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
>> > >> >
>> > >> >
>> > >> >
>> > >> > Oracle
>> > >> >
>> > >> > title=Designed to use with built-in Java encryption libraries (JCE)
>> > >> >
>> > >> > href=
>> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html
>> > >> >
>> > >> >
>> > >> >
>> > >> > The OpenSSL Project
>> > >> >
>> > >> > title=Designed to use General Purpose cryptography library included
>> > with
>> > >> >
>> > >> > OpenSSL
>> > >> >
>> > >> > href=https://www.openssl.org/source/
>> > >> >
>> > >> >
>> > >> >
>> > >> > Microsoft
>> > >> >
>> > >> > title=Designed to use .NET Framework Cryptography Model
>> > >> >
>> > >> > href=https://dotnet.microsoft.com/download
>> > >> >
>> > >> > >>>>>>
>> > >> >
>> > >> >
>> > >> >
>> > >> > Open questions:
>> > >> >
>> > >> > 1) Declaring older versions of Ignite.
>> > >> >
>> > >> > 2) Is it correct to mention that Ignite uses .NET core controlled
>> by
>> > >> .NET
>> > >> >
>> > >> > Foundation? E.g. as follows:
>> > >> >
>> > >> > (controlled by)
>> > >> >
>> > >> > .NET Foundation
>> > >> >
>> > >> > title=Designed to use .NET Framework Cryptography Model
>> > >> >
>> > >> > href=https://dotnetfoundation.org/projects
>> > >> >
>> > >> >
>> > >> >
>> > >> > Should it go instead of Microsoft? Should we mention .NET code in
>> > >> addition
>> > >> >
>> > >> > to Microsoft?
>> > >> >
>> > >> >
>> > >> >
>> > >> > Sincerely,
>> > >> >
>> > >> > Dmitriy Pavlov
>> > >> >
>> > >> >
>> > >> >
>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <ptupitsyn@apache.org
>> >:
>> > >> >
>> > >> >
>> > >> >
>> > >> > > Hi Denis,
>> > >> >
>> > >> > >
>> > >> >
>> > >> > > Ignite.NET uses .NET Framework Standard Library for all security
>> and
>> > >> >
>> > >> > > cryptographic related code. There are no dependencies on external
>> > >> >
>> > >> > > libraries.
>> > >> >
>> > >> > >
>> > >> >
>> > >> > > Thanks
>> > >> >
>> > >> > >
>> > >> >
>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
>> > >> >
>> > >> > >
>> > >> >
>> > >> > > > Igniters,
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > Regardless of the fact that Ignite is an open source software,
>> ASF
>> > >> as
>> > >> > an
>> > >> >
>> > >> > > > entity based in the U.S. has to comply with certain exporting
>> > >> > regulations
>> > >> >
>> > >> > > > [1].
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the table
>> [2]
>> > of
>> > >> >
>> > >> > > > projects allowed for export and might need the assistance of
>> some
>> > of
>> > >> > you.
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > Here is a list of cryptographic functions used by Ignite (and
>> > >> provided
>> > >> > by
>> > >> >
>> > >> > > > a 3rd party vendor):
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
>> > >> >
>> > >> > > >    connectivity between cluster nodes. Manufacturer -
>> > >> Oracle/OpenJDK (
>> > >> >
>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
>> > >> >
>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
>> libraries
>> > >> for
>> > >> >
>> > >> > > >    transparent data encryption of data on disk (
>> > >> >
>> > >> > > >
>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
>> > >> >
>> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
>> Tupitsyn*,
>> > >> > could
>> > >> >
>> > >> > > >    you check?
>> > >> >
>> > >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
>> > anything
>> > >> >
>> > >> > > >    else?). *Igor Sapego*, could you please check?
>> > >> >
>> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear
>> > thin
>> > >> >
>> > >> > > >    client contributors*, please facilitate.
>> > >> >
>> > >> > > >    6. Anything else missing from the list? We don't have any
>> > custom
>> > >> >
>> > >> > > >    crypto features, right?
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > All of these usages/integrations have to comply with the
>> following
>> > >> >
>> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
>> Export
>> > >> >
>> > >> > > > Administration Regulations of the U.S.A.
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > [1] http://www.apache.org/licenses/exports/
>> > >> >
>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
>> > >> >
>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > > > -
>> > >> >
>> > >> > > > Denis
>> > >> >
>> > >> > > >
>> > >> >
>> > >> > >
>> > >> >
>> > >> >
>> > >> >
>> > >>
>> > >
>> >
>>
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Hi Denis,

Build process seems to be mentioned only here
https://www.apache.org/dev/crypto.html#sources It also mentions some
bisnotice XSLT transformation, which is available at SVN here
https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/

For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
is more appropriate. I will test it locally.

The only thing I've found for now is the following scripts at the root of
SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
bisnotice.cmd
bisnotice.sh

Sincerely,
Dmitriy Pavlov

ср, 19 июн. 2019 г. в 01:40, Denis Magda <dm...@apache.org>:

> Dmitriy,
>
> I think that it's required to enlist all of the publicly released Ignite
> versions (available for download from the website). It means that the XML
> should have the following controlled sources grouped by Ignite versions'
> ranges.
>
>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
>    - Ignite 1.5.0 and later: all of the controller versions listed by you.
>
> Not sure about JCraft only. What was the first Ignite version the lib was
> added to?
>
> As for .NET versions declarations, I'm for the way it handled right now by
> you. Btw, do you know where ASF explains the website build process? Failed
> to find it, it's not enough just to update the XML.
>
> Finally, looping in Garrett who can help with the editorial review.
> Garrett, could you please review README.txt from this pull-request?
>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>
>
> -
> Denis
>
>
> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dp...@apache.org> wrote:
>
> > Igniters,
> >
> > please review crypto notice in
> >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> >
> > Only 2 open questions: about declaring released versions, and about
> > declaring .NET versions (.NET Core & . NET Classic). By default, I
> propose
> > to keep both.
> >
> > Sincerely,
> > Dmitriy Pavlov
> >
> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dp...@apache.org>:
> >
> > > Pavel,
> > >
> > > we need to follow the process from
> > > https://www.apache.org/dev/crypto.html#classify
> > >
> > > Please see similar products in the draft export matrix,
> > >
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > >
> > >
> > > We don't ship JDK, but we designed our product to use a cryptographic
> > > feature from this 3rd party product, so we need to follow this process
> > and
> > > provide matrix update, add CRYPTO notice (I'll draft it).
> > >
> > > Other products don't declare all possible JDKs -
> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
> > > declaration of .NET classic (Microsoft) would be enough.
> > >
> > > Sincerely,
> > > Dmitriy Pavlov
> > >
> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <pt...@apache.org>:
> > >
> > >> >>Should it go instead of Microsoft? Should we mention .NET code in
> > >> addition
> > >>
> > >> >>to Microsoft?
> > >>
> > >>
> > >>
> > >> >Yes, I think we can do this. Ignite targets both of the them. And
> .NET
> > >> Core uses it’s own implementation of standard class library[1]
> > >>
> > >> >Pavel may correct me.
> > >>
> > >>
> > >> We use crypto APIs from standard class library. We ship our binaries,
> > but
> > >> we don't ship the framework binaries.
> > >>
> > >> Our binaries can be executed with .NET Core (open-source, MIT
> license),
> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
> > >> Windows-only, Microsoft license).
> > >>
> > >> I'm still not sure what is the question we are trying to answer,
> though.
> > >>
> > >>
> > >> Thanks,
> > >>
> > >> Pavel
> > >>
> > >>
> > >>
> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <le...@gmail.com>
> > >> wrote:
> > >>
> > >> > >1) Declaring older versions of Ignite.
> > >> >
> > >> > >2) Is it correct to mention that Ignite uses .NET core controlled
> by
> > >> .NET
> > >> >
> > >> > >Foundation? E.g. as follows:
> > >> >
> > >> > >(controlled by)
> > >> >
> > >> > >.NET Foundation
> > >> >
> > >> > >title=Designed to use .NET Framework Cryptography Model
> > >> >
> > >> > >href=https://dotnetfoundation.org/projects
> > >> >
> > >> >
> > >> >
> > >> > >Should it go instead of Microsoft? Should we mention .NET code in
> > >> addition
> > >> >
> > >> > >to Microsoft?
> > >> >
> > >> >
> > >> >
> > >> > Yes, I think we can do this. Ignite targets both of the them. And
> .NET
> > >> > Core uses it’s own implementation of standard class library[1]
> > >> >
> > >> > Pavel may correct me.
> > >> >
> > >> >
> > >> >
> > >> > [1] https://github.com/dotnet/corefx
> > >> >
> > >> >
> > >> >
> > >> > *From: *Dmitriy Pavlov <dp...@apache.org>
> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > >> > *To: *dev <de...@ignite.apache.org>
> > >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
> > isapego@apache.org>;
> > >> Pavel
> > >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <nizhikov@apache.org
> >
> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> > >> >
> > >> >
> > >> >
> > >> > Thanks, Pavel!
> > >> >
> > >> >
> > >> >
> > >> > Denis, Pavel, Igniters, please review the following proposal:
> > >> >
> > >> >
> > >> >
> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> > >> >
> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> > >> >
> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> > >> >
> > >> > - TDE to be declared as JCA/JCE
> > >> >
> > >> >
> > >> >
> > >> > Export matrix data to be published in ASF-level SVN:
> > >> >
> > >> > <<<<<
> > >> >
> > >> > Product Name
> > >> >
> > >> > Apache Ignite
> > >> >
> > >> >
> > >> >
> > >> > Versions
> > >> >
> > >> > development
> > >> >
> > >> > 2.7 and later <Earlier versions-TBD?>
> > >> >
> > >> >
> > >> >
> > >> > ECCN
> > >> >
> > >> > 5D002
> > >> >
> > >> >
> > >> >
> > >> > Controlled source
> > >> >
> > >> > ASF
> > >> >
> > >> > title=Designed to use with built-in Java Cryptography Architecture
> > (JCA)
> > >> >
> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> > >> >
> > >> >
> > >> >
> > >> > Oracle
> > >> >
> > >> > title=Designed to use with built-in Java encryption libraries (JCE)
> > >> >
> > >> > href=
> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > >> >
> > >> >
> > >> >
> > >> > The OpenSSL Project
> > >> >
> > >> > title=Designed to use General Purpose cryptography library included
> > with
> > >> >
> > >> > OpenSSL
> > >> >
> > >> > href=https://www.openssl.org/source/
> > >> >
> > >> >
> > >> >
> > >> > Microsoft
> > >> >
> > >> > title=Designed to use .NET Framework Cryptography Model
> > >> >
> > >> > href=https://dotnet.microsoft.com/download
> > >> >
> > >> > >>>>>>
> > >> >
> > >> >
> > >> >
> > >> > Open questions:
> > >> >
> > >> > 1) Declaring older versions of Ignite.
> > >> >
> > >> > 2) Is it correct to mention that Ignite uses .NET core controlled by
> > >> .NET
> > >> >
> > >> > Foundation? E.g. as follows:
> > >> >
> > >> > (controlled by)
> > >> >
> > >> > .NET Foundation
> > >> >
> > >> > title=Designed to use .NET Framework Cryptography Model
> > >> >
> > >> > href=https://dotnetfoundation.org/projects
> > >> >
> > >> >
> > >> >
> > >> > Should it go instead of Microsoft? Should we mention .NET code in
> > >> addition
> > >> >
> > >> > to Microsoft?
> > >> >
> > >> >
> > >> >
> > >> > Sincerely,
> > >> >
> > >> > Dmitriy Pavlov
> > >> >
> > >> >
> > >> >
> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <pt...@apache.org>:
> > >> >
> > >> >
> > >> >
> > >> > > Hi Denis,
> > >> >
> > >> > >
> > >> >
> > >> > > Ignite.NET uses .NET Framework Standard Library for all security
> and
> > >> >
> > >> > > cryptographic related code. There are no dependencies on external
> > >> >
> > >> > > libraries.
> > >> >
> > >> > >
> > >> >
> > >> > > Thanks
> > >> >
> > >> > >
> > >> >
> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
> > >> >
> > >> > >
> > >> >
> > >> > > > Igniters,
> > >> >
> > >> > > >
> > >> >
> > >> > > > Regardless of the fact that Ignite is an open source software,
> ASF
> > >> as
> > >> > an
> > >> >
> > >> > > > entity based in the U.S. has to comply with certain exporting
> > >> > regulations
> > >> >
> > >> > > > [1].
> > >> >
> > >> > > >
> > >> >
> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the table
> [2]
> > of
> > >> >
> > >> > > > projects allowed for export and might need the assistance of
> some
> > of
> > >> > you.
> > >> >
> > >> > > >
> > >> >
> > >> > > > Here is a list of cryptographic functions used by Ignite (and
> > >> provided
> > >> > by
> > >> >
> > >> > > > a 3rd party vendor):
> > >> >
> > >> > > >
> > >> >
> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> > >> >
> > >> > > >    connectivity between cluster nodes. Manufacturer -
> > >> Oracle/OpenJDK (
> > >> >
> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > >> >
> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
> libraries
> > >> for
> > >> >
> > >> > > >    transparent data encryption of data on disk (
> > >> >
> > >> > > >
> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> > >> >
> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
> Tupitsyn*,
> > >> > could
> > >> >
> > >> > > >    you check?
> > >> >
> > >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
> > anything
> > >> >
> > >> > > >    else?). *Igor Sapego*, could you please check?
> > >> >
> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear
> > thin
> > >> >
> > >> > > >    client contributors*, please facilitate.
> > >> >
> > >> > > >    6. Anything else missing from the list? We don't have any
> > custom
> > >> >
> > >> > > >    crypto features, right?
> > >> >
> > >> > > >
> > >> >
> > >> > > > All of these usages/integrations have to comply with the
> following
> > >> >
> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to
> Export
> > >> >
> > >> > > > Administration Regulations of the U.S.A.
> > >> >
> > >> > > >
> > >> >
> > >> > > > [1] http://www.apache.org/licenses/exports/
> > >> >
> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> > >> >
> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> > >> >
> > >> > > >
> > >> >
> > >> > > >
> > >> >
> > >> > > > -
> > >> >
> > >> > > > Denis
> > >> >
> > >> > > >
> > >> >
> > >> > >
> > >> >
> > >> >
> > >> >
> > >>
> > >
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Denis Magda <dm...@apache.org>]

Dmitriy,

I think that it's required to enlist all of the publicly released Ignite
versions (available for download from the website). It means that the XML
should have the following controlled sources grouped by Ignite versions'
ranges.

   - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
   - Ignite 1.5.0 and later: all of the controller versions listed by you.

Not sure about JCraft only. What was the first Ignite version the lib was
added to?

As for .NET versions declarations, I'm for the way it handled right now by
you. Btw, do you know where ASF explains the website build process? Failed
to find it, it's not enough just to update the XML.

Finally, looping in Garrett who can help with the editorial review.
Garrett, could you please review README.txt from this pull-request?
https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29


-
Denis


On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dp...@apache.org> wrote:

> Igniters,
>
> please review crypto notice in
>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>
> Only 2 open questions: about declaring released versions, and about
> declaring .NET versions (.NET Core & . NET Classic). By default, I propose
> to keep both.
>
> Sincerely,
> Dmitriy Pavlov
>
> пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dp...@apache.org>:
>
> > Pavel,
> >
> > we need to follow the process from
> > https://www.apache.org/dev/crypto.html#classify
> >
> > Please see similar products in the draft export matrix,
> >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> >
> >
> > We don't ship JDK, but we designed our product to use a cryptographic
> > feature from this 3rd party product, so we need to follow this process
> and
> > provide matrix update, add CRYPTO notice (I'll draft it).
> >
> > Other products don't declare all possible JDKs -
> > http://www.apache.org/licenses/exports/#matrix So, probably, one
> > declaration of .NET classic (Microsoft) would be enough.
> >
> > Sincerely,
> > Dmitriy Pavlov
> >
> > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <pt...@apache.org>:
> >
> >> >>Should it go instead of Microsoft? Should we mention .NET code in
> >> addition
> >>
> >> >>to Microsoft?
> >>
> >>
> >>
> >> >Yes, I think we can do this. Ignite targets both of the them. And .NET
> >> Core uses it’s own implementation of standard class library[1]
> >>
> >> >Pavel may correct me.
> >>
> >>
> >> We use crypto APIs from standard class library. We ship our binaries,
> but
> >> we don't ship the framework binaries.
> >>
> >> Our binaries can be executed with .NET Core (open-source, MIT license),
> >> Mono (open-source, MIT license), and .NET Classic (old framework,
> >> Windows-only, Microsoft license).
> >>
> >> I'm still not sure what is the question we are trying to answer, though.
> >>
> >>
> >> Thanks,
> >>
> >> Pavel
> >>
> >>
> >>
> >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <le...@gmail.com>
> >> wrote:
> >>
> >> > >1) Declaring older versions of Ignite.
> >> >
> >> > >2) Is it correct to mention that Ignite uses .NET core controlled by
> >> .NET
> >> >
> >> > >Foundation? E.g. as follows:
> >> >
> >> > >(controlled by)
> >> >
> >> > >.NET Foundation
> >> >
> >> > >title=Designed to use .NET Framework Cryptography Model
> >> >
> >> > >href=https://dotnetfoundation.org/projects
> >> >
> >> >
> >> >
> >> > >Should it go instead of Microsoft? Should we mention .NET code in
> >> addition
> >> >
> >> > >to Microsoft?
> >> >
> >> >
> >> >
> >> > Yes, I think we can do this. Ignite targets both of the them. And .NET
> >> > Core uses it’s own implementation of standard class library[1]
> >> >
> >> > Pavel may correct me.
> >> >
> >> >
> >> >
> >> > [1] https://github.com/dotnet/corefx
> >> >
> >> >
> >> >
> >> > *From: *Dmitriy Pavlov <dp...@apache.org>
> >> > *Sent: *Monday, June 17, 2019 4:35 PM
> >> > *To: *dev <de...@ignite.apache.org>
> >> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <
> isapego@apache.org>;
> >> Pavel
> >> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <ni...@apache.org>
> >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> >> >
> >> >
> >> >
> >> > Thanks, Pavel!
> >> >
> >> >
> >> >
> >> > Denis, Pavel, Igniters, please review the following proposal:
> >> >
> >> >
> >> >
> >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> >> >
> >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> >> >
> >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> >> >
> >> > - TDE to be declared as JCA/JCE
> >> >
> >> >
> >> >
> >> > Export matrix data to be published in ASF-level SVN:
> >> >
> >> > <<<<<
> >> >
> >> > Product Name
> >> >
> >> > Apache Ignite
> >> >
> >> >
> >> >
> >> > Versions
> >> >
> >> > development
> >> >
> >> > 2.7 and later <Earlier versions-TBD?>
> >> >
> >> >
> >> >
> >> > ECCN
> >> >
> >> > 5D002
> >> >
> >> >
> >> >
> >> > Controlled source
> >> >
> >> > ASF
> >> >
> >> > title=Designed to use with built-in Java Cryptography Architecture
> (JCA)
> >> >
> >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> >> >
> >> >
> >> >
> >> > Oracle
> >> >
> >> > title=Designed to use with built-in Java encryption libraries (JCE)
> >> >
> >> > href=
> >> https://www.oracle.com/technetwork/java/javase/downloads/index.html
> >> >
> >> >
> >> >
> >> > The OpenSSL Project
> >> >
> >> > title=Designed to use General Purpose cryptography library included
> with
> >> >
> >> > OpenSSL
> >> >
> >> > href=https://www.openssl.org/source/
> >> >
> >> >
> >> >
> >> > Microsoft
> >> >
> >> > title=Designed to use .NET Framework Cryptography Model
> >> >
> >> > href=https://dotnet.microsoft.com/download
> >> >
> >> > >>>>>>
> >> >
> >> >
> >> >
> >> > Open questions:
> >> >
> >> > 1) Declaring older versions of Ignite.
> >> >
> >> > 2) Is it correct to mention that Ignite uses .NET core controlled by
> >> .NET
> >> >
> >> > Foundation? E.g. as follows:
> >> >
> >> > (controlled by)
> >> >
> >> > .NET Foundation
> >> >
> >> > title=Designed to use .NET Framework Cryptography Model
> >> >
> >> > href=https://dotnetfoundation.org/projects
> >> >
> >> >
> >> >
> >> > Should it go instead of Microsoft? Should we mention .NET code in
> >> addition
> >> >
> >> > to Microsoft?
> >> >
> >> >
> >> >
> >> > Sincerely,
> >> >
> >> > Dmitriy Pavlov
> >> >
> >> >
> >> >
> >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <pt...@apache.org>:
> >> >
> >> >
> >> >
> >> > > Hi Denis,
> >> >
> >> > >
> >> >
> >> > > Ignite.NET uses .NET Framework Standard Library for all security and
> >> >
> >> > > cryptographic related code. There are no dependencies on external
> >> >
> >> > > libraries.
> >> >
> >> > >
> >> >
> >> > > Thanks
> >> >
> >> > >
> >> >
> >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
> >> >
> >> > >
> >> >
> >> > > > Igniters,
> >> >
> >> > > >
> >> >
> >> > > > Regardless of the fact that Ignite is an open source software, ASF
> >> as
> >> > an
> >> >
> >> > > > entity based in the U.S. has to comply with certain exporting
> >> > regulations
> >> >
> >> > > > [1].
> >> >
> >> > > >
> >> >
> >> > > > Dmitry Pavlov and I are working on adding Ignite to the table [2]
> of
> >> >
> >> > > > projects allowed for export and might need the assistance of some
> of
> >> > you.
> >> >
> >> > > >
> >> >
> >> > > > Here is a list of cryptographic functions used by Ignite (and
> >> provided
> >> > by
> >> >
> >> > > > a 3rd party vendor):
> >> >
> >> > > >
> >> >
> >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> >> >
> >> > > >    connectivity between cluster nodes. Manufacturer -
> >> Oracle/OpenJDK (
> >> >
> >> > > >    https://apacheignite.readme.io/docs/ssltls)
> >> >
> >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries
> >> for
> >> >
> >> > > >    transparent data encryption of data on disk (
> >> >
> >> > > >
> https://apacheignite.readme.io/docs/transparent-data-encryption)
> >> >
> >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*,
> >> > could
> >> >
> >> > > >    you check?
> >> >
> >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
> anything
> >> >
> >> > > >    else?). *Igor Sapego*, could you please check?
> >> >
> >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear
> thin
> >> >
> >> > > >    client contributors*, please facilitate.
> >> >
> >> > > >    6. Anything else missing from the list? We don't have any
> custom
> >> >
> >> > > >    crypto features, right?
> >> >
> >> > > >
> >> >
> >> > > > All of these usages/integrations have to comply with the following
> >> >
> >> > > > checklist [3] before I, as a PMC Chair, submit a notice to Export
> >> >
> >> > > > Administration Regulations of the U.S.A.
> >> >
> >> > > >
> >> >
> >> > > > [1] http://www.apache.org/licenses/exports/
> >> >
> >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> >> >
> >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> >> >
> >> > > >
> >> >
> >> > > >
> >> >
> >> > > > -
> >> >
> >> > > > Denis
> >> >
> >> > > >
> >> >
> >> > >
> >> >
> >> >
> >> >
> >>
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Igniters,

please review crypto notice in
https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29

Only 2 open questions: about declaring released versions, and about
declaring .NET versions (.NET Core & . NET Classic). By default, I propose
to keep both.

Sincerely,
Dmitriy Pavlov

пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dp...@apache.org>:

> Pavel,
>
> we need to follow the process from
> https://www.apache.org/dev/crypto.html#classify
>
> Please see similar products in the draft export matrix,
>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
>
>
> We don't ship JDK, but we designed our product to use a cryptographic
> feature from this 3rd party product, so we need to follow this process and
> provide matrix update, add CRYPTO notice (I'll draft it).
>
> Other products don't declare all possible JDKs -
> http://www.apache.org/licenses/exports/#matrix So, probably, one
> declaration of .NET classic (Microsoft) would be enough.
>
> Sincerely,
> Dmitriy Pavlov
>
> пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <pt...@apache.org>:
>
>> >>Should it go instead of Microsoft? Should we mention .NET code in
>> addition
>>
>> >>to Microsoft?
>>
>>
>>
>> >Yes, I think we can do this. Ignite targets both of the them. And .NET
>> Core uses it’s own implementation of standard class library[1]
>>
>> >Pavel may correct me.
>>
>>
>> We use crypto APIs from standard class library. We ship our binaries, but
>> we don't ship the framework binaries.
>>
>> Our binaries can be executed with .NET Core (open-source, MIT license),
>> Mono (open-source, MIT license), and .NET Classic (old framework,
>> Windows-only, Microsoft license).
>>
>> I'm still not sure what is the question we are trying to answer, though.
>>
>>
>> Thanks,
>>
>> Pavel
>>
>>
>>
>> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <le...@gmail.com>
>> wrote:
>>
>> > >1) Declaring older versions of Ignite.
>> >
>> > >2) Is it correct to mention that Ignite uses .NET core controlled by
>> .NET
>> >
>> > >Foundation? E.g. as follows:
>> >
>> > >(controlled by)
>> >
>> > >.NET Foundation
>> >
>> > >title=Designed to use .NET Framework Cryptography Model
>> >
>> > >href=https://dotnetfoundation.org/projects
>> >
>> >
>> >
>> > >Should it go instead of Microsoft? Should we mention .NET code in
>> addition
>> >
>> > >to Microsoft?
>> >
>> >
>> >
>> > Yes, I think we can do this. Ignite targets both of the them. And .NET
>> > Core uses it’s own implementation of standard class library[1]
>> >
>> > Pavel may correct me.
>> >
>> >
>> >
>> > [1] https://github.com/dotnet/corefx
>> >
>> >
>> >
>> > *From: *Dmitriy Pavlov <dp...@apache.org>
>> > *Sent: *Monday, June 17, 2019 4:35 PM
>> > *To: *dev <de...@ignite.apache.org>
>> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <is...@apache.org>;
>> Pavel
>> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <ni...@apache.org>
>> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
>> >
>> >
>> >
>> > Thanks, Pavel!
>> >
>> >
>> >
>> > Denis, Pavel, Igniters, please review the following proposal:
>> >
>> >
>> >
>> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
>> >
>> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
>> >
>> > - SSLContextFactory usage to be declared as JCA/JCE usage.
>> >
>> > - TDE to be declared as JCA/JCE
>> >
>> >
>> >
>> > Export matrix data to be published in ASF-level SVN:
>> >
>> > <<<<<
>> >
>> > Product Name
>> >
>> > Apache Ignite
>> >
>> >
>> >
>> > Versions
>> >
>> > development
>> >
>> > 2.7 and later <Earlier versions-TBD?>
>> >
>> >
>> >
>> > ECCN
>> >
>> > 5D002
>> >
>> >
>> >
>> > Controlled source
>> >
>> > ASF
>> >
>> > title=Designed to use with built-in Java Cryptography Architecture (JCA)
>> >
>> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
>> >
>> >
>> >
>> > Oracle
>> >
>> > title=Designed to use with built-in Java encryption libraries (JCE)
>> >
>> > href=
>> https://www.oracle.com/technetwork/java/javase/downloads/index.html
>> >
>> >
>> >
>> > The OpenSSL Project
>> >
>> > title=Designed to use General Purpose cryptography library included with
>> >
>> > OpenSSL
>> >
>> > href=https://www.openssl.org/source/
>> >
>> >
>> >
>> > Microsoft
>> >
>> > title=Designed to use .NET Framework Cryptography Model
>> >
>> > href=https://dotnet.microsoft.com/download
>> >
>> > >>>>>>
>> >
>> >
>> >
>> > Open questions:
>> >
>> > 1) Declaring older versions of Ignite.
>> >
>> > 2) Is it correct to mention that Ignite uses .NET core controlled by
>> .NET
>> >
>> > Foundation? E.g. as follows:
>> >
>> > (controlled by)
>> >
>> > .NET Foundation
>> >
>> > title=Designed to use .NET Framework Cryptography Model
>> >
>> > href=https://dotnetfoundation.org/projects
>> >
>> >
>> >
>> > Should it go instead of Microsoft? Should we mention .NET code in
>> addition
>> >
>> > to Microsoft?
>> >
>> >
>> >
>> > Sincerely,
>> >
>> > Dmitriy Pavlov
>> >
>> >
>> >
>> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <pt...@apache.org>:
>> >
>> >
>> >
>> > > Hi Denis,
>> >
>> > >
>> >
>> > > Ignite.NET uses .NET Framework Standard Library for all security and
>> >
>> > > cryptographic related code. There are no dependencies on external
>> >
>> > > libraries.
>> >
>> > >
>> >
>> > > Thanks
>> >
>> > >
>> >
>> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
>> >
>> > >
>> >
>> > > > Igniters,
>> >
>> > > >
>> >
>> > > > Regardless of the fact that Ignite is an open source software, ASF
>> as
>> > an
>> >
>> > > > entity based in the U.S. has to comply with certain exporting
>> > regulations
>> >
>> > > > [1].
>> >
>> > > >
>> >
>> > > > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
>> >
>> > > > projects allowed for export and might need the assistance of some of
>> > you.
>> >
>> > > >
>> >
>> > > > Here is a list of cryptographic functions used by Ignite (and
>> provided
>> > by
>> >
>> > > > a 3rd party vendor):
>> >
>> > > >
>> >
>> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
>> >
>> > > >    connectivity between cluster nodes. Manufacturer -
>> Oracle/OpenJDK (
>> >
>> > > >    https://apacheignite.readme.io/docs/ssltls)
>> >
>> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries
>> for
>> >
>> > > >    transparent data encryption of data on disk (
>> >
>> > > >    https://apacheignite.readme.io/docs/transparent-data-encryption)
>> >
>> > > >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*,
>> > could
>> >
>> > > >    you check?
>> >
>> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>> >
>> > > >    else?). *Igor Sapego*, could you please check?
>> >
>> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>> >
>> > > >    client contributors*, please facilitate.
>> >
>> > > >    6. Anything else missing from the list? We don't have any custom
>> >
>> > > >    crypto features, right?
>> >
>> > > >
>> >
>> > > > All of these usages/integrations have to comply with the following
>> >
>> > > > checklist [3] before I, as a PMC Chair, submit a notice to Export
>> >
>> > > > Administration Regulations of the U.S.A.
>> >
>> > > >
>> >
>> > > > [1] http://www.apache.org/licenses/exports/
>> >
>> > > > [2] http://www.apache.org/licenses/exports/#matrix
>> >
>> > > > [3] https://www.apache.org/dev/crypto.html#classify
>> >
>> > > >
>> >
>> > > >
>> >
>> > > > -
>> >
>> > > > Denis
>> >
>> > > >
>> >
>> > >
>> >
>> >
>> >
>>
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Pavel,

we need to follow the process from
https://www.apache.org/dev/crypto.html#classify

Please see similar products in the draft export matrix,
https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7


We don't ship JDK, but we designed our product to use a cryptographic
feature from this 3rd party product, so we need to follow this process and
provide matrix update, add CRYPTO notice (I'll draft it).

Other products don't declare all possible JDKs -
http://www.apache.org/licenses/exports/#matrix So, probably, one
declaration of .NET classic (Microsoft) would be enough.

Sincerely,
Dmitriy Pavlov

пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <pt...@apache.org>:

> >>Should it go instead of Microsoft? Should we mention .NET code in
> addition
>
> >>to Microsoft?
>
>
>
> >Yes, I think we can do this. Ignite targets both of the them. And .NET
> Core uses it’s own implementation of standard class library[1]
>
> >Pavel may correct me.
>
>
> We use crypto APIs from standard class library. We ship our binaries, but
> we don't ship the framework binaries.
>
> Our binaries can be executed with .NET Core (open-source, MIT license),
> Mono (open-source, MIT license), and .NET Classic (old framework,
> Windows-only, Microsoft license).
>
> I'm still not sure what is the question we are trying to answer, though.
>
>
> Thanks,
>
> Pavel
>
>
>
> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <le...@gmail.com>
> wrote:
>
> > >1) Declaring older versions of Ignite.
> >
> > >2) Is it correct to mention that Ignite uses .NET core controlled by
> .NET
> >
> > >Foundation? E.g. as follows:
> >
> > >(controlled by)
> >
> > >.NET Foundation
> >
> > >title=Designed to use .NET Framework Cryptography Model
> >
> > >href=https://dotnetfoundation.org/projects
> >
> >
> >
> > >Should it go instead of Microsoft? Should we mention .NET code in
> addition
> >
> > >to Microsoft?
> >
> >
> >
> > Yes, I think we can do this. Ignite targets both of the them. And .NET
> > Core uses it’s own implementation of standard class library[1]
> >
> > Pavel may correct me.
> >
> >
> >
> > [1] https://github.com/dotnet/corefx
> >
> >
> >
> > *From: *Dmitriy Pavlov <dp...@apache.org>
> > *Sent: *Monday, June 17, 2019 4:35 PM
> > *To: *dev <de...@ignite.apache.org>
> > *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <is...@apache.org>;
> Pavel
> > Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <ni...@apache.org>
> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> >
> >
> >
> > Thanks, Pavel!
> >
> >
> >
> > Denis, Pavel, Igniters, please review the following proposal:
> >
> >
> >
> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> >
> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> >
> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> >
> > - TDE to be declared as JCA/JCE
> >
> >
> >
> > Export matrix data to be published in ASF-level SVN:
> >
> > <<<<<
> >
> > Product Name
> >
> > Apache Ignite
> >
> >
> >
> > Versions
> >
> > development
> >
> > 2.7 and later <Earlier versions-TBD?>
> >
> >
> >
> > ECCN
> >
> > 5D002
> >
> >
> >
> > Controlled source
> >
> > ASF
> >
> > title=Designed to use with built-in Java Cryptography Architecture (JCA)
> >
> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> >
> >
> >
> > Oracle
> >
> > title=Designed to use with built-in Java encryption libraries (JCE)
> >
> > href=https://www.oracle.com/technetwork/java/javase/downloads/index.html
> >
> >
> >
> > The OpenSSL Project
> >
> > title=Designed to use General Purpose cryptography library included with
> >
> > OpenSSL
> >
> > href=https://www.openssl.org/source/
> >
> >
> >
> > Microsoft
> >
> > title=Designed to use .NET Framework Cryptography Model
> >
> > href=https://dotnet.microsoft.com/download
> >
> > >>>>>>
> >
> >
> >
> > Open questions:
> >
> > 1) Declaring older versions of Ignite.
> >
> > 2) Is it correct to mention that Ignite uses .NET core controlled by
> .NET
> >
> > Foundation? E.g. as follows:
> >
> > (controlled by)
> >
> > .NET Foundation
> >
> > title=Designed to use .NET Framework Cryptography Model
> >
> > href=https://dotnetfoundation.org/projects
> >
> >
> >
> > Should it go instead of Microsoft? Should we mention .NET code in
> addition
> >
> > to Microsoft?
> >
> >
> >
> > Sincerely,
> >
> > Dmitriy Pavlov
> >
> >
> >
> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <pt...@apache.org>:
> >
> >
> >
> > > Hi Denis,
> >
> > >
> >
> > > Ignite.NET uses .NET Framework Standard Library for all security and
> >
> > > cryptographic related code. There are no dependencies on external
> >
> > > libraries.
> >
> > >
> >
> > > Thanks
> >
> > >
> >
> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
> >
> > >
> >
> > > > Igniters,
> >
> > > >
> >
> > > > Regardless of the fact that Ignite is an open source software, ASF as
> > an
> >
> > > > entity based in the U.S. has to comply with certain exporting
> > regulations
> >
> > > > [1].
> >
> > > >
> >
> > > > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> >
> > > > projects allowed for export and might need the assistance of some of
> > you.
> >
> > > >
> >
> > > > Here is a list of cryptographic functions used by Ignite (and
> provided
> > by
> >
> > > > a 3rd party vendor):
> >
> > > >
> >
> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> >
> > > >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK
> (
> >
> > > >    https://apacheignite.readme.io/docs/ssltls)
> >
> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> >
> > > >    transparent data encryption of data on disk (
> >
> > > >    https://apacheignite.readme.io/docs/transparent-data-encryption)
> >
> > > >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*,
> > could
> >
> > > >    you check?
> >
> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> >
> > > >    else?). *Igor Sapego*, could you please check?
> >
> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> >
> > > >    client contributors*, please facilitate.
> >
> > > >    6. Anything else missing from the list? We don't have any custom
> >
> > > >    crypto features, right?
> >
> > > >
> >
> > > > All of these usages/integrations have to comply with the following
> >
> > > > checklist [3] before I, as a PMC Chair, submit a notice to Export
> >
> > > > Administration Regulations of the U.S.A.
> >
> > > >
> >
> > > > [1] http://www.apache.org/licenses/exports/
> >
> > > > [2] http://www.apache.org/licenses/exports/#matrix
> >
> > > > [3] https://www.apache.org/dev/crypto.html#classify
> >
> > > >
> >
> > > >
> >
> > > > -
> >
> > > > Denis
> >
> > > >
> >
> > >
> >
> >
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Pavel Tupitsyn <pt...@apache.org>]

>>Should it go instead of Microsoft? Should we mention .NET code in addition

>>to Microsoft?



>Yes, I think we can do this. Ignite targets both of the them. And .NET
Core uses it’s own implementation of standard class library[1]

>Pavel may correct me.


We use crypto APIs from standard class library. We ship our binaries, but
we don't ship the framework binaries.

Our binaries can be executed with .NET Core (open-source, MIT license),
Mono (open-source, MIT license), and .NET Classic (old framework,
Windows-only, Microsoft license).

I'm still not sure what is the question we are trying to answer, though.


Thanks,

Pavel



On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <le...@gmail.com> wrote:

> >1) Declaring older versions of Ignite.
>
> >2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
>
> >Foundation? E.g. as follows:
>
> >(controlled by)
>
> >.NET Foundation
>
> >title=Designed to use .NET Framework Cryptography Model
>
> >href=https://dotnetfoundation.org/projects
>
>
>
> >Should it go instead of Microsoft? Should we mention .NET code in addition
>
> >to Microsoft?
>
>
>
> Yes, I think we can do this. Ignite targets both of the them. And .NET
> Core uses it’s own implementation of standard class library[1]
>
> Pavel may correct me.
>
>
>
> [1] https://github.com/dotnet/corefx
>
>
>
> *From: *Dmitriy Pavlov <dp...@apache.org>
> *Sent: *Monday, June 17, 2019 4:35 PM
> *To: *dev <de...@ignite.apache.org>
> *Cc: *Denis Magda <dm...@apache.org>; Igor Sapego <is...@apache.org>; Pavel
> Petroshenko <p...@nobitlost.com>; Nikolay Izhikov <ni...@apache.org>
> *Subject: *Re: Signing off Ignite for export beyond the U.S.
>
>
>
> Thanks, Pavel!
>
>
>
> Denis, Pavel, Igniters, please review the following proposal:
>
>
>
> - Python, Node JS, ODBC to be declared as OpenSSL usage.
>
> - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
>
> - SSLContextFactory usage to be declared as JCA/JCE usage.
>
> - TDE to be declared as JCA/JCE
>
>
>
> Export matrix data to be published in ASF-level SVN:
>
> <<<<<
>
> Product Name
>
> Apache Ignite
>
>
>
> Versions
>
> development
>
> 2.7 and later <Earlier versions-TBD?>
>
>
>
> ECCN
>
> 5D002
>
>
>
> Controlled source
>
> ASF
>
> title=Designed to use with built-in Java Cryptography Architecture (JCA)
>
> href=https://gitbox.apache.org/repos/asf?p=ignite.git
>
>
>
> Oracle
>
> title=Designed to use with built-in Java encryption libraries (JCE)
>
> href=https://www.oracle.com/technetwork/java/javase/downloads/index.html
>
>
>
> The OpenSSL Project
>
> title=Designed to use General Purpose cryptography library included with
>
> OpenSSL
>
> href=https://www.openssl.org/source/
>
>
>
> Microsoft
>
> title=Designed to use .NET Framework Cryptography Model
>
> href=https://dotnet.microsoft.com/download
>
> >>>>>>
>
>
>
> Open questions:
>
> 1) Declaring older versions of Ignite.
>
> 2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
>
> Foundation? E.g. as follows:
>
> (controlled by)
>
> .NET Foundation
>
> title=Designed to use .NET Framework Cryptography Model
>
> href=https://dotnetfoundation.org/projects
>
>
>
> Should it go instead of Microsoft? Should we mention .NET code in addition
>
> to Microsoft?
>
>
>
> Sincerely,
>
> Dmitriy Pavlov
>
>
>
> пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <pt...@apache.org>:
>
>
>
> > Hi Denis,
>
> >
>
> > Ignite.NET uses .NET Framework Standard Library for all security and
>
> > cryptographic related code. There are no dependencies on external
>
> > libraries.
>
> >
>
> > Thanks
>
> >
>
> > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
>
> >
>
> > > Igniters,
>
> > >
>
> > > Regardless of the fact that Ignite is an open source software, ASF as
> an
>
> > > entity based in the U.S. has to comply with certain exporting
> regulations
>
> > > [1].
>
> > >
>
> > > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
>
> > > projects allowed for export and might need the assistance of some of
> you.
>
> > >
>
> > > Here is a list of cryptographic functions used by Ignite (and provided
> by
>
> > > a 3rd party vendor):
>
> > >
>
> > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
>
> > >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
>
> > >    https://apacheignite.readme.io/docs/ssltls)
>
> > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
>
> > >    transparent data encryption of data on disk (
>
> > >    https://apacheignite.readme.io/docs/transparent-data-encryption)
>
> > >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*,
> could
>
> > >    you check?
>
> > >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>
> > >    else?). *Igor Sapego*, could you please check?
>
> > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>
> > >    client contributors*, please facilitate.
>
> > >    6. Anything else missing from the list? We don't have any custom
>
> > >    crypto features, right?
>
> > >
>
> > > All of these usages/integrations have to comply with the following
>
> > > checklist [3] before I, as a PMC Chair, submit a notice to Export
>
> > > Administration Regulations of the U.S.A.
>
> > >
>
> > > [1] http://www.apache.org/licenses/exports/
>
> > > [2] http://www.apache.org/licenses/exports/#matrix
>
> > > [3] https://www.apache.org/dev/crypto.html#classify
>
> > >
>
> > >
>
> > > -
>
> > > Denis
>
> > >
>
> >
>
>
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Alexander, thank you for your reply.

Let's follow the motto: "Show me the code!" Even we don't have any single
line of code here.

I've created
- issue https://issues.apache.org/jira/browse/IGNITE-11932
- a new head with draft content
https://gitbox.apache.org/repos/asf?p=ignite.git;a=shortlog;h=refs/heads/ignite-11932

- PR https://github.com/apache/ignite/pull/6616/files

For preparing an update to SVN (I don't have karma to update, so Denis I
will ask you for an update once we finalize content).

Committers are encouraged to update branch directly, everyone else can
suggest edits using GitHub.

Sincerely,
Dmitriy Pavlov

пн, 17 июн. 2019 г. в 17:20, Alexandr Shapkin <le...@gmail.com>:

> >1) Declaring older versions of Ignite.
> >2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
> >Foundation? E.g. as follows:
> >(controlled by)
> >.NET Foundation
> >title=Designed to use .NET Framework Cryptography Model
> >href=https://dotnetfoundation.org/projects
>
> >Should it go instead of Microsoft? Should we mention .NET code in addition
> >to Microsoft?
>
> Yes, I think we can do this. Ignite targets both of the them. And .NET
> Core uses it’s own implementation of standard class library[1]
> Pavel may correct me.
>
> [1] https://github.com/dotnet/corefx
>
> From: Dmitriy Pavlov
> Sent: Monday, June 17, 2019 4:35 PM
> To: dev
> Cc: Denis Magda; Igor Sapego; Pavel Petroshenko; Nikolay Izhikov
> Subject: Re: Signing off Ignite for export beyond the U.S.
>
> Thanks, Pavel!
>
> Denis, Pavel, Igniters, please review the following proposal:
>
> - Python, Node JS, ODBC to be declared as OpenSSL usage.
> - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> - SSLContextFactory usage to be declared as JCA/JCE usage.
> - TDE to be declared as JCA/JCE
>
> Export matrix data to be published in ASF-level SVN:
> <<<<<
> Product Name
> Apache Ignite
>
> Versions
> development
> 2.7 and later <Earlier versions-TBD?>
>
> ECCN
> 5D002
>
> Controlled source
> ASF
> title=Designed to use with built-in Java Cryptography Architecture (JCA)
> href=https://gitbox.apache.org/repos/asf?p=ignite.git
>
> Oracle
> title=Designed to use with built-in Java encryption libraries (JCE)
> href=https://www.oracle.com/technetwork/java/javase/downloads/index.html
>
> The OpenSSL Project
> title=Designed to use General Purpose cryptography library included with
> OpenSSL
> href=https://www.openssl.org/source/
>
> Microsoft
> title=Designed to use .NET Framework Cryptography Model
> href=https://dotnet.microsoft.com/download
> >>>>>>
>
> Open questions:
> 1) Declaring older versions of Ignite.
> 2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
> Foundation? E.g. as follows:
> (controlled by)
> .NET Foundation
> title=Designed to use .NET Framework Cryptography Model
> href=https://dotnetfoundation.org/projects
>
> Should it go instead of Microsoft? Should we mention .NET code in addition
> to Microsoft?
>
> Sincerely,
> Dmitriy Pavlov
>
> пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <pt...@apache.org>:
>
> > Hi Denis,
> >
> > Ignite.NET uses .NET Framework Standard Library for all security and
> > cryptographic related code. There are no dependencies on external
> > libraries.
> >
> > Thanks
> >
> > ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
> >
> > > Igniters,
> > >
> > > Regardless of the fact that Ignite is an open source software, ASF as
> an
> > > entity based in the U.S. has to comply with certain exporting
> regulations
> > > [1].
> > >
> > > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> > > projects allowed for export and might need the assistance of some of
> you.
> > >
> > > Here is a list of cryptographic functions used by Ignite (and provided
> by
> > > a 3rd party vendor):
> > >
> > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> > >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
> > >    https://apacheignite.readme.io/docs/ssltls)
> > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> > >    transparent data encryption of data on disk (
> > >    https://apacheignite.readme.io/docs/transparent-data-encryption)
> > >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*,
> could
> > >    you check?
> > >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> > >    else?). *Igor Sapego*, could you please check?
> > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> > >    client contributors*, please facilitate.
> > >    6. Anything else missing from the list? We don't have any custom
> > >    crypto features, right?
> > >
> > > All of these usages/integrations have to comply with the following
> > > checklist [3] before I, as a PMC Chair, submit a notice to Export
> > > Administration Regulations of the U.S.A.
> > >
> > > [1] http://www.apache.org/licenses/exports/
> > > [2] http://www.apache.org/licenses/exports/#matrix
> > > [3] https://www.apache.org/dev/crypto.html#classify
> > >
> > >
> > > -
> > > Denis
> > >
> >
>
>

RE: Signing off Ignite for export beyond the U.S.

[Alexandr Shapkin <le...@gmail.com>]

>1) Declaring older versions of Ignite.
>2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
>Foundation? E.g. as follows:
>(controlled by)
>.NET Foundation
>title=Designed to use .NET Framework Cryptography Model
>href=https://dotnetfoundation.org/projects

>Should it go instead of Microsoft? Should we mention .NET code in addition
>to Microsoft?

Yes, I think we can do this. Ignite targets both of the them. And .NET Core uses it’s own implementation of standard class library[1]
Pavel may correct me.

[1] https://github.com/dotnet/corefx

From: Dmitriy Pavlov
Sent: Monday, June 17, 2019 4:35 PM
To: dev
Cc: Denis Magda; Igor Sapego; Pavel Petroshenko; Nikolay Izhikov
Subject: Re: Signing off Ignite for export beyond the U.S.

Thanks, Pavel!

Denis, Pavel, Igniters, please review the following proposal:

- Python, Node JS, ODBC to be declared as OpenSSL usage.
- AWS-S3 client-side encryption to be declared as JCA/JCE usage.
- SSLContextFactory usage to be declared as JCA/JCE usage.
- TDE to be declared as JCA/JCE

Export matrix data to be published in ASF-level SVN:
<<<<<
Product Name
Apache Ignite

Versions
development
2.7 and later <Earlier versions-TBD?>

ECCN
5D002

Controlled source
ASF
title=Designed to use with built-in Java Cryptography Architecture (JCA)
href=https://gitbox.apache.org/repos/asf?p=ignite.git

Oracle
title=Designed to use with built-in Java encryption libraries (JCE)
href=https://www.oracle.com/technetwork/java/javase/downloads/index.html

The OpenSSL Project
title=Designed to use General Purpose cryptography library included with
OpenSSL
href=https://www.openssl.org/source/

Microsoft
title=Designed to use .NET Framework Cryptography Model
href=https://dotnet.microsoft.com/download
>>>>>>

Open questions:
1) Declaring older versions of Ignite.
2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
Foundation? E.g. as follows:
(controlled by)
.NET Foundation
title=Designed to use .NET Framework Cryptography Model
href=https://dotnetfoundation.org/projects

Should it go instead of Microsoft? Should we mention .NET code in addition
to Microsoft?

Sincerely,
Dmitriy Pavlov

пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <pt...@apache.org>:

> Hi Denis,
>
> Ignite.NET uses .NET Framework Standard Library for all security and
> cryptographic related code. There are no dependencies on external
> libraries.
>
> Thanks
>
> ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
>
> > Igniters,
> >
> > Regardless of the fact that Ignite is an open source software, ASF as an
> > entity based in the U.S. has to comply with certain exporting regulations
> > [1].
> >
> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> > projects allowed for export and might need the assistance of some of you.
> >
> > Here is a list of cryptographic functions used by Ignite (and provided by
> > a 3rd party vendor):
> >
> >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
> >    https://apacheignite.readme.io/docs/ssltls)
> >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> >    transparent data encryption of data on disk (
> >    https://apacheignite.readme.io/docs/transparent-data-encryption)
> >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, could
> >    you check?
> >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> >    else?). *Igor Sapego*, could you please check?
> >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> >    client contributors*, please facilitate.
> >    6. Anything else missing from the list? We don't have any custom
> >    crypto features, right?
> >
> > All of these usages/integrations have to comply with the following
> > checklist [3] before I, as a PMC Chair, submit a notice to Export
> > Administration Regulations of the U.S.A.
> >
> > [1] http://www.apache.org/licenses/exports/
> > [2] http://www.apache.org/licenses/exports/#matrix
> > [3] https://www.apache.org/dev/crypto.html#classify
> >
> >
> > -
> > Denis
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Thanks, Pavel!

Denis, Pavel, Igniters, please review the following proposal:

- Python, Node JS, ODBC to be declared as OpenSSL usage.
- AWS-S3 client-side encryption to be declared as JCA/JCE usage.
- SSLContextFactory usage to be declared as JCA/JCE usage.
- TDE to be declared as JCA/JCE

Export matrix data to be published in ASF-level SVN:
<<<<<
Product Name
Apache Ignite

Versions
development
2.7 and later <Earlier versions-TBD?>

ECCN
5D002

Controlled source
ASF
title=Designed to use with built-in Java Cryptography Architecture (JCA)
href=https://gitbox.apache.org/repos/asf?p=ignite.git

Oracle
title=Designed to use with built-in Java encryption libraries (JCE)
href=https://www.oracle.com/technetwork/java/javase/downloads/index.html

The OpenSSL Project
title=Designed to use General Purpose cryptography library included with
OpenSSL
href=https://www.openssl.org/source/

Microsoft
title=Designed to use .NET Framework Cryptography Model
href=https://dotnet.microsoft.com/download
 >>>>>>

Open questions:
1) Declaring older versions of Ignite.
2) Is it correct to mention that Ignite uses .NET core controlled by  .NET
Foundation? E.g. as follows:
(controlled by)
.NET Foundation
title=Designed to use .NET Framework Cryptography Model
href=https://dotnetfoundation.org/projects

Should it go instead of Microsoft? Should we mention .NET code in addition
to Microsoft?

Sincerely,
Dmitriy Pavlov

пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <pt...@apache.org>:

> Hi Denis,
>
> Ignite.NET uses .NET Framework Standard Library for all security and
> cryptographic related code. There are no dependencies on external
> libraries.
>
> Thanks
>
> ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:
>
> > Igniters,
> >
> > Regardless of the fact that Ignite is an open source software, ASF as an
> > entity based in the U.S. has to comply with certain exporting regulations
> > [1].
> >
> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> > projects allowed for export and might need the assistance of some of you.
> >
> > Here is a list of cryptographic functions used by Ignite (and provided by
> > a 3rd party vendor):
> >
> >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> >    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
> >    https://apacheignite.readme.io/docs/ssltls)
> >    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> >    transparent data encryption of data on disk (
> >    https://apacheignite.readme.io/docs/transparent-data-encryption)
> >    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, could
> >    you check?
> >    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> >    else?). *Igor Sapego*, could you please check?
> >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> >    client contributors*, please facilitate.
> >    6. Anything else missing from the list? We don't have any custom
> >    crypto features, right?
> >
> > All of these usages/integrations have to comply with the following
> > checklist [3] before I, as a PMC Chair, submit a notice to Export
> > Administration Regulations of the U.S.A.
> >
> > [1] http://www.apache.org/licenses/exports/
> > [2] http://www.apache.org/licenses/exports/#matrix
> > [3] https://www.apache.org/dev/crypto.html#classify
> >
> >
> > -
> > Denis
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Pavel Tupitsyn <pt...@apache.org>]

Hi Denis,

Ignite.NET uses .NET Framework Standard Library for all security and
cryptographic related code. There are no dependencies on external libraries.

Thanks

ср, 12 июн. 2019 г., 21:07 Denis Magda <dm...@apache.org>:

> Igniters,
>
> Regardless of the fact that Ignite is an open source software, ASF as an
> entity based in the U.S. has to comply with certain exporting regulations
> [1].
>
> Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> projects allowed for export and might need the assistance of some of you.
>
> Here is a list of cryptographic functions used by Ignite (and provided by
> a 3rd party vendor):
>
>    1. JDK SSL/TLS libraries if a user wishes to enable secured
>    connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK (
>    https://apacheignite.readme.io/docs/ssltls)
>    2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
>    transparent data encryption of data on disk (
>    https://apacheignite.readme.io/docs/transparent-data-encryption)
>    3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, could
>    you check?
>    4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>    else?). *Igor Sapego*, could you please check?
>    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>    client contributors*, please facilitate.
>    6. Anything else missing from the list? We don't have any custom
>    crypto features, right?
>
> All of these usages/integrations have to comply with the following
> checklist [3] before I, as a PMC Chair, submit a notice to Export
> Administration Regulations of the U.S.A.
>
> [1] http://www.apache.org/licenses/exports/
> [2] http://www.apache.org/licenses/exports/#matrix
> [3] https://www.apache.org/dev/crypto.html#classify
>
>
> -
> Denis
>

Re: Signing off Ignite for export beyond the U.S.

[Dmitriy Pavlov <dp...@apache.org>]

Alexey, Igor, thank you for your replies.

I've found one more usage at Java side:
It is Amazon AWS S3 Client-side encryption:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html

See code at:
https://github.com/apache/ignite/blob/master/modules/aws/src/main/java/org/apache/ignite/spi/discovery/tcp/ipfinder/s3/encrypt/package-info.java

It was contributed under https://issues.apache.org/jira/browse/IGNITE-7054


Sincerely,
Dmitriy Pavlov

сб, 15 июн. 2019 г. в 00:57, Denis Magda <dm...@apache.org>:

> Alex, Igor, thanks for the details. Looks good.
>
> *Pavel Tupitsyn, Aleksandr Shapkin,* could you please help with .NET?
>
> -
> Denis
>
>
> On Thu, Jun 13, 2019 at 2:08 AM Igor Sapego <is...@apache.org> wrote:
>
> > Denis,
> >
> > C++ thin client and ODBC use OpenSSL to establish secure connection with
> > the cluster and do not contain any crypto algorithms in their own code.
> >
> > Best Regards,
> > Igor
> >
> >
> > On Thu, Jun 13, 2019 at 12:56 AM Alexey Kosenchuk <
> > alexey.kosenchuk@nobitlost.com> wrote:
> >
> >> Hi Denis,
> >>
> >> Info about Python, PHP, Node.JS thin clients:
> >>
> >> The clients itself do not contain any cryptographic code but use the
> >> features provided by the underlying platforms.
> >>
> >> Python client uses Python's SSL lib [1] which is a wrapper over OpenSSL
> >> [2].
> >> Python 2.7 and Python 3.4 require OpenSSL 1.0, Python 3.5 and higher
> >> require OpenSSL 1.1.
> >>
> >> NodeJS client uses NodeJS's tls module [3] which is a wrapper over
> >> OpenSSL [2].
> >> NodeJS 8.x requires OpenSSL 1.0, NodeJS 10.x and higher require OpenSSL
> >> 1.1.
> >>
> >> PHP client uses PHP OpenSSL extension [4].
> >> PHP 7.2 and higher require OpenSSL 1.0.
> >>
> >> [1] https://docs.python.org/3/library/ssl.html
> >> [2] https://www.openssl.org/
> >> [3] https://nodejs.org/api/tls.html
> >> [4] https://www.php.net/manual/en/book.openssl.php
> >>
> >> Regards,
> >> -Alexey
> >>
> >> > Igniters,
> >> >
> >> > Regardless of the fact that Ignite is an open source software, ASF as
> >> an
> >> > entity based in the U.S. has to comply with certain exporting
> >> > regulations [1].
> >> >
> >> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> >> > projects allowed for export and might need the assistance of some of
> >> you.
> >> >
> >> > Here is a list of cryptographic functions used by Ignite (and provided
> >> > by a 3rd party vendor):
> >> >
> >> >  1. JDK SSL/TLS libraries if a user wishes to enable secured
> >> >     connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK
> >> >     (https://apacheignite.readme.io/docs/ssltls)
> >> >  2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> >> >     transparent data encryption of data on disk
> >> >     (https://apacheignite.readme.io/docs/transparent-data-encryption)
> >> >  3. Libraries/vendors for .NET nodes security?*Pavel Tupitsyn*, could
> >> >     you check?
> >> >  4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> >> >     else?). *Igor Sapego*, could you please check?
> >> >  5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> >> >     client contributors*, please facilitate.
> >> >  6. Anything else missing from the list? We don't have any custom
> crypto
> >> >     features, right?
> >> >
> >> > All of these usages/integrations have to comply with the following
> >> > checklist [3] before I, as a PMC Chair, submit a notice to Export
> >> > Administration Regulations of the U.S.A.
> >> >
> >> > [1] http://www.apache.org/licenses/exports/
> >> > [2] http://www.apache.org/licenses/exports/#matrix
> >> > [3] https://www.apache.org/dev/crypto.html#classify
> >> >
> >> >
> >> > -
> >> > Denis
> >>
> >
>

Re: Signing off Ignite for export beyond the U.S.

[Denis Magda <dm...@apache.org>]

Alex, Igor, thanks for the details. Looks good.

*Pavel Tupitsyn, Aleksandr Shapkin,* could you please help with .NET?

-
Denis


On Thu, Jun 13, 2019 at 2:08 AM Igor Sapego <is...@apache.org> wrote:

> Denis,
>
> C++ thin client and ODBC use OpenSSL to establish secure connection with
> the cluster and do not contain any crypto algorithms in their own code.
>
> Best Regards,
> Igor
>
>
> On Thu, Jun 13, 2019 at 12:56 AM Alexey Kosenchuk <
> alexey.kosenchuk@nobitlost.com> wrote:
>
>> Hi Denis,
>>
>> Info about Python, PHP, Node.JS thin clients:
>>
>> The clients itself do not contain any cryptographic code but use the
>> features provided by the underlying platforms.
>>
>> Python client uses Python's SSL lib [1] which is a wrapper over OpenSSL
>> [2].
>> Python 2.7 and Python 3.4 require OpenSSL 1.0, Python 3.5 and higher
>> require OpenSSL 1.1.
>>
>> NodeJS client uses NodeJS's tls module [3] which is a wrapper over
>> OpenSSL [2].
>> NodeJS 8.x requires OpenSSL 1.0, NodeJS 10.x and higher require OpenSSL
>> 1.1.
>>
>> PHP client uses PHP OpenSSL extension [4].
>> PHP 7.2 and higher require OpenSSL 1.0.
>>
>> [1] https://docs.python.org/3/library/ssl.html
>> [2] https://www.openssl.org/
>> [3] https://nodejs.org/api/tls.html
>> [4] https://www.php.net/manual/en/book.openssl.php
>>
>> Regards,
>> -Alexey
>>
>> > Igniters,
>> >
>> > Regardless of the fact that Ignite is an open source software, ASF as
>> an
>> > entity based in the U.S. has to comply with certain exporting
>> > regulations [1].
>> >
>> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
>> > projects allowed for export and might need the assistance of some of
>> you.
>> >
>> > Here is a list of cryptographic functions used by Ignite (and provided
>> > by a 3rd party vendor):
>> >
>> >  1. JDK SSL/TLS libraries if a user wishes to enable secured
>> >     connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK
>> >     (https://apacheignite.readme.io/docs/ssltls)
>> >  2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
>> >     transparent data encryption of data on disk
>> >     (https://apacheignite.readme.io/docs/transparent-data-encryption)
>> >  3. Libraries/vendors for .NET nodes security?*Pavel Tupitsyn*, could
>> >     you check?
>> >  4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>> >     else?). *Igor Sapego*, could you please check?
>> >  5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>> >     client contributors*, please facilitate.
>> >  6. Anything else missing from the list? We don't have any custom crypto
>> >     features, right?
>> >
>> > All of these usages/integrations have to comply with the following
>> > checklist [3] before I, as a PMC Chair, submit a notice to Export
>> > Administration Regulations of the U.S.A.
>> >
>> > [1] http://www.apache.org/licenses/exports/
>> > [2] http://www.apache.org/licenses/exports/#matrix
>> > [3] https://www.apache.org/dev/crypto.html#classify
>> >
>> >
>> > -
>> > Denis
>>
>

Re: Signing off Ignite for export beyond the U.S.

[Igor Sapego <is...@apache.org>]

Denis,

C++ thin client and ODBC use OpenSSL to establish secure connection with
the cluster and do not contain any crypto algorithms in their own code.

Best Regards,
Igor


On Thu, Jun 13, 2019 at 12:56 AM Alexey Kosenchuk <
alexey.kosenchuk@nobitlost.com> wrote:

> Hi Denis,
>
> Info about Python, PHP, Node.JS thin clients:
>
> The clients itself do not contain any cryptographic code but use the
> features provided by the underlying platforms.
>
> Python client uses Python's SSL lib [1] which is a wrapper over OpenSSL
> [2].
> Python 2.7 and Python 3.4 require OpenSSL 1.0, Python 3.5 and higher
> require OpenSSL 1.1.
>
> NodeJS client uses NodeJS's tls module [3] which is a wrapper over
> OpenSSL [2].
> NodeJS 8.x requires OpenSSL 1.0, NodeJS 10.x and higher require OpenSSL
> 1.1.
>
> PHP client uses PHP OpenSSL extension [4].
> PHP 7.2 and higher require OpenSSL 1.0.
>
> [1] https://docs.python.org/3/library/ssl.html
> [2] https://www.openssl.org/
> [3] https://nodejs.org/api/tls.html
> [4] https://www.php.net/manual/en/book.openssl.php
>
> Regards,
> -Alexey
>
> > Igniters,
> >
> > Regardless of the fact that Ignite is an open source software, ASF as an
> > entity based in the U.S. has to comply with certain exporting
> > regulations [1].
> >
> > Dmitry Pavlov and I are working on adding Ignite to the table [2] of
> > projects allowed for export and might need the assistance of some of you.
> >
> > Here is a list of cryptographic functions used by Ignite (and provided
> > by a 3rd party vendor):
> >
> >  1. JDK SSL/TLS libraries if a user wishes to enable secured
> >     connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK
> >     (https://apacheignite.readme.io/docs/ssltls)
> >  2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
> >     transparent data encryption of data on disk
> >     (https://apacheignite.readme.io/docs/transparent-data-encryption)
> >  3. Libraries/vendors for .NET nodes security?*Pavel Tupitsyn*, could
> >     you check?
> >  4. Libraries/vendors for C++ clients security (SSL, TLS, anything
> >     else?). *Igor Sapego*, could you please check?
> >  5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
> >     client contributors*, please facilitate.
> >  6. Anything else missing from the list? We don't have any custom crypto
> >     features, right?
> >
> > All of these usages/integrations have to comply with the following
> > checklist [3] before I, as a PMC Chair, submit a notice to Export
> > Administration Regulations of the U.S.A.
> >
> > [1] http://www.apache.org/licenses/exports/
> > [2] http://www.apache.org/licenses/exports/#matrix
> > [3] https://www.apache.org/dev/crypto.html#classify
> >
> >
> > -
> > Denis
>

Re: Signing off Ignite for export beyond the U.S.

[Alexey Kosenchuk <al...@nobitlost.com>]

Hi Denis,

Info about Python, PHP, Node.JS thin clients:

The clients itself do not contain any cryptographic code but use the 
features provided by the underlying platforms.

Python client uses Python's SSL lib [1] which is a wrapper over OpenSSL [2].
Python 2.7 and Python 3.4 require OpenSSL 1.0, Python 3.5 and higher 
require OpenSSL 1.1.

NodeJS client uses NodeJS's tls module [3] which is a wrapper over 
OpenSSL [2].
NodeJS 8.x requires OpenSSL 1.0, NodeJS 10.x and higher require OpenSSL 1.1.

PHP client uses PHP OpenSSL extension [4].
PHP 7.2 and higher require OpenSSL 1.0.

[1] https://docs.python.org/3/library/ssl.html
[2] https://www.openssl.org/
[3] https://nodejs.org/api/tls.html
[4] https://www.php.net/manual/en/book.openssl.php

Regards,
-Alexey

> Igniters,
> 
> Regardless of the fact that Ignite is an open source software, ASF as an 
> entity based in the U.S. has to comply with certain exporting 
> regulations [1].
> 
> Dmitry Pavlov and I are working on adding Ignite to the table [2] of 
> projects allowed for export and might need the assistance of some of you.
> 
> Here is a list of cryptographic functions used by Ignite (and provided 
> by a 3rd party vendor):
> 
>  1. JDK SSL/TLS libraries if a user wishes to enable secured
>     connectivity between cluster nodes. Manufacturer - Oracle/OpenJDK
>     (https://apacheignite.readme.io/docs/ssltls)
>  2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries for
>     transparent data encryption of data on disk
>     (https://apacheignite.readme.io/docs/transparent-data-encryption)
>  3. Libraries/vendors for .NET nodes security?*Pavel Tupitsyn*, could
>     you check?
>  4. Libraries/vendors for C++ clients security (SSL, TLS, anything
>     else?). *Igor Sapego*, could you please check?
>  5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear thin
>     client contributors*, please facilitate.
>  6. Anything else missing from the list? We don't have any custom crypto
>     features, right?
> 
> All of these usages/integrations have to comply with the following 
> checklist [3] before I, as a PMC Chair, submit a notice to Export 
> Administration Regulations of the U.S.A.
> 
> [1] http://www.apache.org/licenses/exports/
> [2] http://www.apache.org/licenses/exports/#matrix
> [3] https://www.apache.org/dev/crypto.html#classify
> 
> 
> -
> Denis