On Tue, Apr 13, 2010 at 17:24, Rocco, Rick <rick.rocco-jr_at_hp.com> wrote:
> Hi, I am an export compliance coordinator with HP. I am currently
> reviewing applications for exportability from the EU. Could you please
> provide the Export Control Rating for exports from the EU under the terms of
> the EU dual-use lists (EC Regulation 428/2009 as amended) for TortoiseSVN?
Another one of these? http://svn.haxx.se/tsvnusers/archive-2008-05/0103.shtml
What, exactly, is being "exported from the EU" here? TSVN's primary
developer(s) is located in Europe, but it uses code contributed by
thousands of people all over the world. It's mirrored on servers
around the world. Anyone can download it from just about anywhere, to
a computer just about anywhere.
> If this information is not available, could you tell me whether the product
> has any cryptographic functionality including password authentication and
> digital signature functions? If so, could you tell me if the product has
> any of the following characteristics:
It's all Open Source, so you can audit the code for yourself if the
answers aren't satisfactory.
> · Used solely for authentication or digital signature.
No part of Subversion is used "solely" for these purposes.
> · A “symmetric algorithm” employing a key length in excess of
> 56-bits;
>
> · An “asymmetric algorithm” where the security of the algorithm is
> based on any of the following:
>
> 1. Factorization of integers in excess of 512 bits (e.g., RSA);
>
> 2. Computation of discrete logarithms in a multiplicative group of a
> finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ);
>
> 3. Discrete logarithms in a group other than mentioned in item 2
> above, in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve);
Do you understand what this software is and does in the first place?
The authentication used is dictated by the server TSVN connects to,
which is either Apache (using Basic or Digest authentication,
potentially over SSL - so you'll need to chase up that tree, not
here), svnserve (which does not have any encryption at all), or
svnserve tunneled over SSH (in which case you want to be checking on
the encryption used by your SSH service, not Subversion or
TortoiseSVN).
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2581493
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2010-04-14 02:39:51 CEST