You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2024/01/29 16:45:00 UTC

[jira] [Assigned] (HDDS-10234) Regulatory compliance for used cryptography

     [ https://issues.apache.org/jira/browse/HDDS-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

István Fajth reassigned HDDS-10234:
-----------------------------------

    Assignee: István Fajth

> Regulatory compliance for used cryptography
> -------------------------------------------
>
>                 Key: HDDS-10234
>                 URL: https://issues.apache.org/jira/browse/HDDS-10234
>             Project: Apache Ozone
>          Issue Type: New Feature
>            Reporter: István Fajth
>            Assignee: István Fajth
>            Priority: Major
>
> In various jurisdictions there are some restrictions on using different cryptographic functions, algorithms, cyphers etc.
> There is an international standard issued by ISO under ISO/IEC 19790.
> In the US, FIPS 140-3 is based off of the ISO standard, hence it is an easy starting point also considering the fact that most of the legislation probably moves towards the standard rather than creating a new one.
> In China, there is the "China Cryptograhy law" that also contains different rules for different security levels.
> In the EU the legislators are still debating about how to apply rules in order to protect privacy, but fight crime effectively (esp. child abuse).
> Probably there are many more around the world.
> This JIRA is about having an umbrella for crypto and security compliance related changes.
> As a starting point and approach, I collected some of the topics that are necessary for FIPS 140-3 compliance, and I am happy to see any inputs/amendments/additional requirements to the subsequent architectural changes and pull requests that helps to make compliance with more jurisdictions easy (or even implements those compliance measures).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org