Michael, You're still missing the point. It's not the ROT-13 that would cause us to have to register. It's an api that allows for plugging in arbitrary encryption. However, my suspicion is that we're exempt because our "encryption" only deals with authentication.
On 2/22/07, Michael Gentry <[EMAIL PROTECTED]> wrote:
I certainly don't mind having this cleared by legal and it is a good discussion. I've had a bit more sleep and caffeine now and went over to http://www.apache.org/dev/crypto.html and just read this bit: "The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms." ROT-13 and ROT-47 (the only ones we provide) are symmetrical algorithms. To quote the Wikipedia (yeah, I know some people don't feel it is definitive about anything): "An additional feature of the cipher is that it is symmetrical; that is, to undo ROT13, the same algorithm is applied, so the same code can be used for encoding and decoding. " This still feels like a non-issue to me, but worthy of discussion and perhaps feedback from Apache legal. And if anyone really feels ROT-13 is secure, I know a 6-year old girl with a sheet of paper that can hack their system. (She uses it to send "secret" messages to her grandmother.) :-) Mike K. did raise an interesting point about if Cayenne Modeler starts using Derby instead of HSQL, what does that mean for us? Would we only need the BIS/etc if we run the preferences DB with encryption (I can't imagine we would -- no reason to)? Thanks again! /dev/mrg On 2/22/07, Mike Kienenberger <[EMAIL PROTECTED]> wrote: > Jean, > > Thank you for looking into this. I guess at some point I should join > legal-discuss, but I already feel I'm overloaded with apache mailing > lists :-) > > On 2/22/07, Jean T. Anderson <[EMAIL PROTECTED]> wrote: > > Mike Kienenberger wrote: > > > ... if we start providing derby as a component of > > > cayenne, then we are subject to the export regs. > > > > I just posted a question to legal-discuss asking if an Apache product > > includes any product listed at http://www.apache.org/licenses/exports/, > > does it need to also do the BIS notification. > > > > -jean > > > > >
