You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2024/01/29 16:45:00 UTC
[jira] [Assigned] (HDDS-10234) Regulatory compliance for used cryptography
[ https://issues.apache.org/jira/browse/HDDS-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
István Fajth reassigned HDDS-10234:
-----------------------------------
Assignee: István Fajth
> Regulatory compliance for used cryptography
> -------------------------------------------
>
> Key: HDDS-10234
> URL: https://issues.apache.org/jira/browse/HDDS-10234
> Project: Apache Ozone
> Issue Type: New Feature
> Reporter: István Fajth
> Assignee: István Fajth
> Priority: Major
>
> In various jurisdictions there are some restrictions on using different cryptographic functions, algorithms, cyphers etc.
> There is an international standard issued by ISO under ISO/IEC 19790.
> In the US, FIPS 140-3 is based off of the ISO standard, hence it is an easy starting point also considering the fact that most of the legislation probably moves towards the standard rather than creating a new one.
> In China, there is the "China Cryptograhy law" that also contains different rules for different security levels.
> In the EU the legislators are still debating about how to apply rules in order to protect privacy, but fight crime effectively (esp. child abuse).
> Probably there are many more around the world.
> This JIRA is about having an umbrella for crypto and security compliance related changes.
> As a starting point and approach, I collected some of the topics that are necessary for FIPS 140-3 compliance, and I am happy to see any inputs/amendments/additional requirements to the subsequent architectural changes and pull requests that helps to make compliance with more jurisdictions easy (or even implements those compliance measures).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org