From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Shan Shaji <s.shaji@proxmox.com>,
Dominik Csapak <d.csapak@proxmox.com>,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist
Date: Mon, 29 Sep 2025 15:09:30 +0200 [thread overview]
Message-ID: <14e323e3-fbb9-49b7-8587-29794de8dc6d@proxmox.com> (raw)
In-Reply-To: <DD5AQEGDUCGS.3RG9CCHVSLULV@proxmox.com>
Am 29.09.25 um 14:51 schrieb Shan Shaji:
> Hi @Thomas and @Dominik, I have done some more research on this through
> the BIS documentation [0] on License Exception ENC and Category 5, Part 2 [1].
>
> AFAIU,
>
> - Since we are using TLS/SSL encryption we are under 5A002/5D002.
> Our app comes under mass market [2] so it further classfies it under
> 5A992/5D992. After March 29, 2021 mass market software doesn't need to
> provide a self classification report [3]. Also since we are using the
> platform APIs provided by iOS which are already exported by Apple
> for SSL/TLS and not implementing any encryptions by ourselves
> i believe we don't need to do anything from our side.
>
> - For the crypto package that we are using doesn't likely fall under 5A002/5D002 as
> it's not used for confidentiality rather we are using it for data integrity.
> So i believe it should likely fall under ECCN 5D992 (Mass Market).
> Also the source code of the package is publicly available and SHA-256
> is a standared algorithm.
>
> - For `biometric_storage`, the package internaly uses the platform APIs
> that are available in iOS [4]. Since it's using the already exported iOS
> interfaces i believe we should be fine there as well.
>
> - [0] https://www.bis.doc.gov/index.php/encryption-and-export-administration-regulations-ear
> - [1] https://www.bis.doc.gov/index.php/documents/new-encryption/1652-cat-5-part-2-quick-reference-guide/file
> - [2] https://www.bis.doc.gov/index.php/policy-guidance/encryption/3-license-exception-enc-and-mass-market/a-mass-market (Paragraph a)
> - [3] https://www.bis.doc.gov/index.php/documents/pdfs/2759-table-of-changes-to-enc-in-wa2019-rule-final-version/file (Table Reference)
> - [4] https://github.com/authpass/biometric_storage/blob/main/macos/Classes/BiometricStorageImpl.swift
>
> So IMHO, i think it's safe to update the ` ITSAppUsesNonExemptEncryption` key
> to false. WDYT?
That seems to be a safe conclusion with enough due diligence to back it up.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-09-29 13:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 12:32 Shan Shaji
2025-09-26 9:21 ` Dominik Csapak
2025-09-26 9:51 ` Thomas Lamprecht
2025-09-29 8:39 ` Shan Shaji
2025-09-29 12:51 ` Shan Shaji
2025-09-29 13:09 ` Thomas Lamprecht [this message]
2025-09-30 8:50 ` Shan Shaji
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=14e323e3-fbb9-49b7-8587-29794de8dc6d@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=s.shaji@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox