From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 2D41D1FF1A6
	for <inbox@lore.proxmox.com>; Mon, 29 Sep 2025 15:10:00 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 03FAC12610;
	Mon, 29 Sep 2025 15:10:04 +0200 (CEST)
Message-ID: <14e323e3-fbb9-49b7-8587-29794de8dc6d@proxmox.com>
Date: Mon, 29 Sep 2025 15:09:30 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird Beta
To: Shan Shaji <s.shaji@proxmox.com>, Dominik Csapak <d.csapak@proxmox.com>,
 Proxmox VE development discussion <pve-devel@lists.proxmox.com>
References: <20250925123243.25940-1-s.shaji@proxmox.com>
 <f1ccba2c-8d53-4673-b1d0-f6194176db9f@proxmox.com>
 <57578ffc-d91c-49b9-a2ac-9d53f1b29d93@proxmox.com>
 <DD55DRW05MXW.21QK0X9IUGKGW@proxmox.com>
 <DD5AQEGDUCGS.3RG9CCHVSLULV@proxmox.com>
Content-Language: en-US
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
In-Reply-To: <DD5AQEGDUCGS.3RG9CCHVSLULV@proxmox.com>
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1759151350633
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.026 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add
 export compliance key to info.plist
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

Am 29.09.25 um 14:51 schrieb Shan Shaji:
> Hi @Thomas and @Dominik, I have done some more research on this through
> the BIS documentation [0] on License Exception ENC and Category 5, Part 2 [1]. 
> 
> AFAIU, 
> 
> - Since we are using TLS/SSL encryption we are under 5A002/5D002.
>   Our app comes under mass market [2] so it further classfies it under
>   5A992/5D992. After March 29, 2021 mass market software doesn't need to
>   provide a self classification report [3]. Also since we are using the
>   platform APIs provided by iOS which are already exported by Apple
>   for SSL/TLS and not implementing any encryptions by ourselves  
>   i believe we don't need to do anything from our side. 
> 
> - For the crypto package that we are using doesn't likely fall under 5A002/5D002 as
>   it's not used for confidentiality rather we are using it for data integrity. 
>   So i believe it should likely fall under ECCN 5D992 (Mass Market).
>   Also the source code of the package is publicly available and SHA-256
>   is a standared algorithm. 
> 
> - For `biometric_storage`, the package internaly uses the platform APIs
>   that are available in iOS [4]. Since it's using the already exported iOS
>   interfaces i believe we should be fine there as well. 
> 
> - [0] https://www.bis.doc.gov/index.php/encryption-and-export-administration-regulations-ear 
> - [1] https://www.bis.doc.gov/index.php/documents/new-encryption/1652-cat-5-part-2-quick-reference-guide/file
> - [2] https://www.bis.doc.gov/index.php/policy-guidance/encryption/3-license-exception-enc-and-mass-market/a-mass-market (Paragraph a)
> - [3] https://www.bis.doc.gov/index.php/documents/pdfs/2759-table-of-changes-to-enc-in-wa2019-rule-final-version/file (Table Reference)
> - [4] https://github.com/authpass/biometric_storage/blob/main/macos/Classes/BiometricStorageImpl.swift   
> 
> So IMHO, i think it's safe to update the ` ITSAppUsesNonExemptEncryption` key
> to false. WDYT?

That seems to be a safe conclusion with enough due diligence to back it up.


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel