It’s possible that Hop is not using strong encryption and therefore doesn’t trigger the policy.
Apologies if this was an unnecessary fire drill. It’s best to be on the safe side, given that US federal regulations are involved. I suggest that some PPMC members (you and Matt?) review the code and the policy, and update the JIRA case with what you find. You can use legal-discuss@ if you have questions (and we mentors can help too). Julian > On Jan 28, 2021, at 12:55 AM, Hans Van Akelyen <[email protected]> > wrote: > > Hej Julian, > > Thanks for pointing this out, to be on the safe side we will add Hop to the > list. We have some references to javax.crypto too. > > Cheers, > Hans > >> On Wed, Jan 27, 2021 at 10:13 PM Matt Casters >> <[email protected]> wrote: >> >> Ah I see it refers to the America export restrictions. Those are indeed >> capped at 512 bits for asymmetric encryption. The one I've used for the >> plugin is 128 bits. >> I don't think the JVM ships with an algorithm over 512 bits for precisely >> that same reason. >> >> On Wed, Jan 27, 2021 at 10:10 PM Matt Casters <[email protected]> >> wrote: >> >>> Just to clarify: this is not implementing an encryption algorithm. It's >>> merely using one of the standard AES algorithms implemented in the JRE. >>> >>> On Wed, Jan 27, 2021 at 9:51 PM Julian Hyde <[email protected]> >>> wrote: >>> >>>> I have logged https://issues.apache.org/jira/browse/HOP-2469 < >>>> https://issues.apache.org/jira/browse/HOP-2469>. Please review. We need >>>> to know ASAP whether we are out of compliance with ASF encryption >> policy. >>>> >>>> Julian >>>> >>>> >>>>> On Jan 27, 2021, at 12:38 PM, Julian Hyde <[email protected]> >>>> wrote: >>>>> >>>>> If an Apache release includes cryptography we need to declare it. See >>>> https://infra.apache.org/crypto.html < >>>> https://infra.apache.org/crypto.html>. >>>>> >>>>> Julian >>>>> >>>>> >>>>> >>>>> >>>>>> On Jan 27, 2021, at 12:27 PM, Matt Casters <[email protected] >> .INVALID >>>> <mailto:[email protected]>> wrote: >>>>>> >>>>>> Dear Hopiverse, >>>>>> >>>>>> I took the liberty to push out pull request 586 >>>>>> <https://github.com/apache/incubator-hop/pull/586 < >>>> https://github.com/apache/incubator-hop/pull/586>>. It synchronizes >> the >>>>>> password encoding of the metadata with the rest of the Hop platform. >>>>>> Mistakes of the past are best not repeated... >>>>>> >>>>>> To test this fairly small change I then wrote an AES two way password >>>>>> encoder plugin also included in the PR. >>>>>> I wrote the unit tests I thought were needed and wrote the >>>> documentation >>>>>> < >>>> >> https://github.com/apache/incubator-hop/blob/43a522b8c7a9f7a03d1c941fb99ebd9468f7f89e/plugins/misc/passwords/src/main/doc/aespasswords.adoc >>>> < >>>> >> https://github.com/apache/incubator-hop/blob/43a522b8c7a9f7a03d1c941fb99ebd9468f7f89e/plugins/misc/passwords/src/main/doc/aespasswords.adoc >>>>>> >>>>>> to go along with it... but I would appreciate an extra couple of eyes >>>> to >>>>>> see if it all works as expected to be on the safe side. >>>>>> >>>>>> Thanks in advance, >>>>>> >>>>>> Matt >>>>> >>>> >>>> >>> >>> -- >>> Neo4j Chief Solutions Architect >>> *✉ *[email protected] >>> ☎ +32486972937 >>> >>> >>> >>> >> >> -- >> Neo4j Chief Solutions Architect >> *✉ *[email protected] >> ☎ +32486972937 >>
