logging-log4j-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Curt Arnold <carn...@apache.org>
Subject Re: ECCN Question -- Apache Log4J 1.2
Date Wed, 19 May 2010 01:56:15 GMT
Export status of Apache software is at http://www.apache.org/licenses/exports/.  Apache log4j
is not listed as it is not known to contain cryptographic functionality or to be specially
designed to use other software with cryptographic functionality.

Please see the disclaimer on that page and consider my further comments covered by that disclaimer.

On May 18, 2010, at 7:13 PM, Erin Clark wrote:

> Hi All:
> I'm assisting a client with the export classification of their product
> and the subject product utilizes Apache Log4J 1.2.  Do you know who
> might be the correct developer(s) for this open source code?  If it's
> you all, do you happen to know what the Export Control Classification
> Number (ECCN) for this code?  If you don't know the ECCN, can you please
> respond to the following questions at your convenience?
> a.     Does the code perform cryptographic functions (i.e.,
> encryption/decryption)?

Not that I am aware of.

> b.    Does the code contain any cryptographic algorithms (i.e., 3DES,
> Diffie-Helman, Blowfish, Rijndael, RC4, RSA) (whether or not these
> algorithms are actually being used by the software)?

Not that I am aware of.

> c.     Is the code capable of interfacing with, calling to, using,
> invoking or enabling/disabling the cryptographic features within other
> software or within the underlying platform in any way?

The SMTPAppender has a configurable string property that specifies the protocol to be used
and which is passed down to the java.mail API.  The value "smtps" has no special meaning to
log4j, but does to java.mail and would result in use of an SMTP+SSL transport.   As the value
is passed through log4j to the lower level API without special treatment, log4j is not specifically
designed to use encryption.  We are just we are aware it can happen with some values.  In
the same manner, if any FileAppender is configured to use a encrypted filesystem, the underlying
system will perform encryption.

> d.    Is the code capable of performing message digesting/hashing (i.e.,
> MD5, RIPEMD, SHA, Tiger), fixed data compression or authentication?

Not that I'm aware of.  The log4j extras companion (distributed separately from log4j 1.2.x),
does call the Java API for Gzip and Zip compression of log files.

> e.     Does the code contain/utilize and open cryptographic interface
> (OCI), where the cryptographic capabilities of the code are
> user-accessible and/or modifiable?  (See below for a more detailed
> definition of OCI.)  

Not that I am aware of.

To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org

View raw message