Hi developers!
I have filed https://issues.apache.org/jira/browse/HDDS-10234 in order to track the efforts that are required to make Ozone compliant with certain cryptography-related legislation that is dictated by different governments as a minimum requirement in order to enable the use of Ozone within an environment where certain security requirements are enforced by these laws.
I am aware of 3 jurisdictions that have, or are forming, such legislation: the US and Canada have the Federal Information Processing Standard and the Federal Information Management Federal Information Security Management Act; there is China's Cryptography Law; and the European Union is also preparing legislation on cryptography-related rules. Besides all of this legislation, there is also an international standard defined related to the application of cryptography under ISO/IEC 19970; unfortunately, I do not have access to this standard, as it is behind a paywall.
I am happy to have any insight and would like to open a discussion soon by posting a design doc on suggested changes to make it easy to have Ozone running in an environment where FIPS/FISMA compliance is enforced by law. I would especially be glad to have input on those parts of the design that are relevant and should expect some specifics when it comes to compliance with other jurisdictions, but of course I gladly accept any other feedback.
I will send a notification in this thread once the design doc is up; until then, there are some preliminary details and background in the JIRA and in the related JIRAs available from the one I linked at the beginning of this e-mail.
Thank you!
Pifta