Hi Pifta, I don't know what's going on, but most of your email threads went into my spam folder. I wonder if it's happening to other folks.
On Thu, Feb 1, 2024 at 2:28 AM István Fajth <fapi...@gmail.com> wrote: > Hi developers! > > I have filed https://issues.apache.org/jira/browse/HDDS-10234 in order to > track efforts that are required to make Ozone compliant with certain > cryptography related legislation that are dictated by different governments > as a minimum requirement in order to enable to use of Ozone within an > environment, where certain security requirements are enforced by these > laws. > > I am aware of 3 jurisdictions, that has, or forms such legislation, the US > and Canada has the Federal Information Processing Standard, and the Federal > Information Management Federal Information Security Management Act; there > is China's Cryptography Law; and the European Union is also preparing > legislation on cryptography related rules. > Besides all of these legislations, there is also an international standard > defined related to the application of cryptography under ISO/IEC 19970, > unfortunately I do not have access to this standard as it is behind a > paywall though. > > I am happy to have any insight and would like to open a discussion soon by > posting a design doc on suggested changes to make it easy to have Ozone > running in an environment where FIPS/FISMA compliance is enforced by law. I > would especially be glad to have input on those parts of the design that > are relevant and should expect some specifics when it comes to compliance > with other jurisdictions, but of course any other feedback I accept gladly. > > I will send a notification in this thread once the design doc is up, since > then there are some preliminary details and background in the JIRA and > related JIRAs available from the one I linked in the beginning of this > e-mail. > > Thank you! > Pifta >
