You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by Mike Kienenberger <mk...@gmail.com> on 2006/08/10 18:03:25 UTC

state-saving encryption: Did we fail to follow the proper procedures?

This page just came to my attention.

http://www.apache.org/dev/crypto.html

My understanding is that any software that calls encryption APIs is
affected by this, so this affects MyFaces due to our client-side state
saving encryption code.

Is anyone who is currently subscribed to the legal-discuss mailing
lists willing to follow up on this and determine if MyFaces needs to
do something?

My reading is that MyFaces clearly is affected and needs to follow these steps:

   1.  Check the Export Control Classification Number (ECCN).
       -- Looks like MyFaces is ECCN 5D002
   2. Update the Exports Page with Source Links.
       -- http://www.apache.org/legal/export.html is a broken link --
something else to report to legal-discuss.
   3. Notify the U.S. Government of the new code.
       -- needs to be done
   4. Inform users with a crypto notice in the distribution's README
and download pages.
       -- needs to be done