logging-log4j-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Erin Clark" <ecl...@strtrade.com>
Subject RE: ECCN Question -- Apache Log4J 1.2
Date Thu, 20 May 2010 06:10:10 GMT
Thanks so much, Curt.

-----Original Message-----
From: Curt Arnold [mailto:curt.arnld@gmail.com] On Behalf Of Curt Arnold
Sent: Tuesday, May 18, 2010 6:56 PM
To: Log4J Users List
Subject: Re: ECCN Question -- Apache Log4J 1.2

Export status of Apache software is at
http://www.apache.org/licenses/exports/.  Apache log4j is not listed as
it is not known to contain cryptographic functionality or to be
specially designed to use other software with cryptographic
functionality.

Please see the disclaimer on that page and consider my further comments
covered by that disclaimer.

On May 18, 2010, at 7:13 PM, Erin Clark wrote:

> Hi All:
> 
> 
> 
> I'm assisting a client with the export classification of their product
> and the subject product utilizes Apache Log4J 1.2.  Do you know who
> might be the correct developer(s) for this open source code?  If it's
> you all, do you happen to know what the Export Control Classification
> Number (ECCN) for this code?  If you don't know the ECCN, can you
please
> respond to the following questions at your convenience?
> 
> 
> 
> a.     Does the code perform cryptographic functions (i.e.,
> encryption/decryption)?

Not that I am aware of.

> 
> b.    Does the code contain any cryptographic algorithms (i.e., 3DES,
> Diffie-Helman, Blowfish, Rijndael, RC4, RSA) (whether or not these
> algorithms are actually being used by the software)?

Not that I am aware of.

> 
> c.     Is the code capable of interfacing with, calling to, using,
> invoking or enabling/disabling the cryptographic features within other
> software or within the underlying platform in any way?

The SMTPAppender has a configurable string property that specifies the
protocol to be used and which is passed down to the java.mail API.  The
value "smtps" has no special meaning to log4j, but does to java.mail and
would result in use of an SMTP+SSL transport.   As the value is passed
through log4j to the lower level API without special treatment, log4j is
not specifically designed to use encryption.  We are just we are aware
it can happen with some values.  In the same manner, if any FileAppender
is configured to use a encrypted filesystem, the underlying system will
perform encryption.


> 
> d.    Is the code capable of performing message digesting/hashing
(i.e.,
> MD5, RIPEMD, SHA, Tiger), fixed data compression or authentication?

Not that I'm aware of.  The log4j extras companion (distributed
separately from log4j 1.2.x), does call the Java API for Gzip and Zip
compression of log files.


> 
> e.     Does the code contain/utilize and open cryptographic interface
> (OCI), where the cryptographic capabilities of the code are
> user-accessible and/or modifiable?  (See below for a more detailed
> definition of OCI.)  

Not that I am aware of.


---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org


Mime
View raw message