[
https://issues.apache.org/jira/browse/HADOOP-9331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13595495#comment-13595495
]
Jerry Chen commented on HADOOP-9331:
------------------------------------
bq. how is this going to impact export rules for Hadoop
It does not impact export of Hadoop directly, but would introduce some
housekeeping for every release which includes code that implements export
controlled cryptography or is “specifically designed to use it”. The ASF has an
XSLT transform committed under infrastructure/ for partial automation of the
process. The test is any code specifically designed to work with existing
export controlled technology. IANAL, but this would seem to extend to Hadoop
Common (because of the proposed o.a.h.io.crypto) and MapReduce (because if the
proposed code that specifically uses o.a.h.io.crypto). It would not appear to
extend beyond this because no other downstream consumer of Hadoop Common is
"specifically designed to use [cryptography]". See
http://www.apache.org/dev/crypto.html
Should HBase decide to commit HBASE-7544, then that housekeeping would apply to
HBase releases as well due to direct use of o.a.h.io.crypto.
> Hadoop crypto codec framework and crypto codec implementations
> --------------------------------------------------------------
>
> Key: HADOOP-9331
> URL: https://issues.apache.org/jira/browse/HADOOP-9331
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 3.0.0
> Reporter: Jerry Chen
> Attachments: Hadoop Crypto Design.pdf
>
> Original Estimate: 504h
> Remaining Estimate: 504h
>
> For use cases that deal with sensitive data, we often need to encrypt data to
> be stored safely at rest. Hadoop common provides a codec framework for
> compression algorithms. We start here. However because encryption algorithms
> require some additional configuration and methods for key management, we
> introduce a crypto codec framework that builds on the compression codec
> framework. It cleanly distinguishes crypto algorithms from compression
> algorithms, but shares common interfaces between them where possible, and
> also carries extended interfaces where necessary to satisfy those needs. We
> also introduce a generic Key type, and supporting utility methods and
> classes, as a necessary abstraction for dealing with both Java crypto keys
> and PGP keys.
> The task for this feature breaks into two parts:
> 1. The crypto codec framework that based on compression codec which can be
> shared by all crypto codec implementations.
> 2. The codec implementations such as AES and others.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
