From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Shan Shaji <s.shaji@proxmox.com>,
Dominik Csapak <d.csapak@proxmox.com>,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist
Date: Mon, 29 Sep 2025 15:09:30 +0200 [thread overview]
Message-ID: <14e323e3-fbb9-49b7-8587-29794de8dc6d@proxmox.com> (raw)
In-Reply-To: <DD5AQEGDUCGS.3RG9CCHVSLULV@proxmox.com>
Am 29.09.25 um 14:51 schrieb Shan Shaji:
> Hi @Thomas and @Dominik, I have done some more research on this through
> the BIS documentation [0] on License Exception ENC and Category 5, Part 2 [1].
>
> AFAIU,
>
> - Since we are using TLS/SSL encryption we are under 5A002/5D002.
> Our app comes under mass market [2] so it further classfies it under
> 5A992/5D992. After March 29, 2021 mass market software doesn't need to
> provide a self classification report [3]. Also since we are using the
> platform APIs provided by iOS which are already exported by Apple
> for SSL/TLS and not implementing any encryptions by ourselves
> i believe we don't need to do anything from our side.
>
> - For the crypto package that we are using doesn't likely fall under 5A002/5D002 as
> it's not used for confidentiality rather we are using it for data integrity.
> So i believe it should likely fall under ECCN 5D992 (Mass Market).
> Also the source code of the package is publicly available and SHA-256
> is a standared algorithm.
>
> - For `biometric_storage`, the package internaly uses the platform APIs
> that are available in iOS [4]. Since it's using the already exported iOS
> interfaces i believe we should be fine there as well.
>
> - [0] https://www.bis.doc.gov/index.php/encryption-and-export-administration-regulations-ear
> - [1] https://www.bis.doc.gov/index.php/documents/new-encryption/1652-cat-5-part-2-quick-reference-guide/file
> - [2] https://www.bis.doc.gov/index.php/policy-guidance/encryption/3-license-exception-enc-and-mass-market/a-mass-market (Paragraph a)
> - [3] https://www.bis.doc.gov/index.php/documents/pdfs/2759-table-of-changes-to-enc-in-wa2019-rule-final-version/file (Table Reference)
> - [4] https://github.com/authpass/biometric_storage/blob/main/macos/Classes/BiometricStorageImpl.swift
>
> So IMHO, i think it's safe to update the ` ITSAppUsesNonExemptEncryption` key
> to false. WDYT?
That seems to be a safe conclusion with enough due diligence to back it up.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-09-29 13:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 12:32 Shan Shaji
2025-09-26 9:21 ` Dominik Csapak
2025-09-26 9:51 ` Thomas Lamprecht
2025-09-29 8:39 ` Shan Shaji
2025-09-29 12:51 ` Shan Shaji
2025-09-29 13:09 ` Thomas Lamprecht [this message]
2025-09-30 8:50 ` Shan Shaji
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=14e323e3-fbb9-49b7-8587-29794de8dc6d@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=s.shaji@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.