Sorry to repost, but hoping someone can help with this!

I'm hoping to get a little more information about the encryption
functionality, specifically if it is limited to the following functions:

- code limited to encryption of passwords, personal identification
numbers, digital signatures, fixed data compression techniques, hashing
- decryption (only) of radio or pay TV broadcasts, or for civilian use of
mobile radio telephones not capable of "end to end" encryption
- decryption specially designed to allow execution of copy-protected
software and the decryption function is not user-accessible
- cryptographic software specially designed and limited for use on banking
(ATM, POS terminals)
- personalized smart card software not capable of message traffic
encryption of user-supplied or related key management functions
- key management designed, restricted, and intended to support only one of
the above functions
- software designed to protect against malicious computer damage (e.g.
Viruses, intrusion detection, etc.)
- software tools and technology specifically designed for the development,
production, or "use" of one or more of the above software (but limited to
those listed above)

Thank you again for your help!

Regards,
Melissa

----- Forwarded by Melissa Mahasintunan/Silicon Valley/IBM on 07/06/2011
12:24 PM -----

From:   Melissa Mahasintunan/Silicon Valley/IBM
To:     [EMAIL PROTECTED]
Cc:     Andrew Purtell <[EMAIL PROTECTED]>
Date:   06/29/2011 01:58 PM
Subject:        Re: Encryption in ZooKeeper & contrib projects
Hi Andy,

Thank you for your response last week!  I was hoping you could provide me
with a little more information, specifically if the encryption
functionality is limited to the following functions:

- code limited to encryption of passwords, personal identification
numbers, digital signatures, fixed data compression techniques, hashing
- decryption (only) of radio or pay TV broadcasts, or for civilian use of
mobile radio telephones not capable of "end to end" encryption
- decryption specially designed to allow execution of copy-protected
software and the decryption function is not user-accessible
- cryptographic software specially designed and limited for use on banking
(ATM, POS terminals)
- personalized smart card software not capable of message traffic
encryption of user-supplied or related key management functions
- key management designed, restricted, and intended to support only one of
the above functions
- software designed to protect against malicious computer damage (e.g.
Viruses, intrusion detection, etc.)
- software tools and technology specifically designed for the development,
production, or "use" of one or more of the above software (but limited to
those listed above)

Thank you again for your help!

Regards,
Melissa
From:   Andrew Purtell <[EMAIL PROTECTED]>
To:     [EMAIL PROTECTED]
Date:   06/23/2011 04:10 PM
Subject:        Re: Encryption in ZooKeeper & contrib projects

> From: Ted Dunning <[EMAIL PROTECTED]>
> Encryption is used in authentication, but not in communications.  Of
> course, you can do magic tunnel things to provide encryption, but
> ZK doesn't do it by itself.

With ZOOKEEPER-938 applied if I'm not mistaken it would be possible to
negotiate encryption on the connection as well as authentication (via SASL
QoP "auth-conf").

  - Andy

This sounds like an export certification.  Don't take what I say as
definitive in this regard.

On Wed, Jul 6, 2011 at 12:28 PM, Melissa Mahasintunan
<[EMAIL PROTECTED]>wrote:

> Sorry to repost, but hoping someone can help with this!
>
> I'm hoping to get a little more information about the encryption
> functionality, specifically if it is limited to the following functions:
>
> - code limited to encryption of passwords, personal identification
> numbers, digital signatures, fixed data compression techniques, hashing
>

Zookeeper does password encryption and hashing.  It is likely that it will
adopt standard public key libraries for authentication in the future.

Others can comment on the exact state of encrypted connections to Zookeeper,
but it is not standard practice to use them.  In the future, it is likely
that hashing will be used to authenticate messages.
- decryption (only) of radio or pay TV broadcasts, or for civilian use of
> mobile radio telephones not capable of "end to end" encryption
>

This does not apply.
> - decryption specially designed to allow execution of copy-protected
> software and the decryption function is not user-accessible
>

This does not apply.
> - cryptographic software specially designed and limited for use on banking
> (ATM, POS terminals)
>

This does not apply.
> - personalized smart card software not capable of message traffic
> encryption of user-supplied or related key management functions
>

This does not apply.
> - key management designed, restricted, and intended to support only one of
> the above functions
> - software designed to protect against malicious computer damage (e.g.
> Viruses, intrusion detection, etc.)
>

This does not apply.
> - software tools and technology specifically designed for the development,
> production, or "use" of one or more of the above software (but limited to
> those listed above)
>

Hi All,

I am trying to determine if the ZooKeeper package (including the contrib
packages) uses encryption, and if so, if that encryption is limited to
such things as encryption of passwords, PINs, digital signatures, fixed
data compression techniques or hashing.

I know Zookeeper has an access control per user, so a user's password
might be encrypted internally. However, it's not documented as far as I
know, so I'm not sure. It may even be stored as a plain data.

I've also tried to grep files in the whole package with "crypto" keyword,
and found the related information is as follows:

Related keyword:
org.apache.zookeeper.inspector.encryption.EncryptionManager
/BasicDataEncryptionManager   (found in contrib\ZooInspector)
This class appears to encrypt/decrypt outside of Zookeeper, and the
specific encrypted logic does not seem to be implemented within.

Related keyword: org.apache.bookkeeper.client.MacDigestManager /
CRC32DigestManager    (found in contrib\bookkeeper)
This class does seem to include encryption logic, but I'm not sure if the
functions are limited to those I've listed above.

Any help would be much appreciated.  Thank you in advance!

Regards,
Melissa

Sorry to repost, but hoping someone can help with this!  Thanks!

Regards,
Melissa

----- Forwarded by Melissa Mahasintunan/Silicon Valley/IBM on 06/23/2011
02:33 PM -----

From:   Melissa Mahasintunan/Silicon Valley/IBM
To:     [EMAIL PROTECTED]
Date:   06/17/2011 04:27 PM
Subject:        Encryption in ZooKeeper & contrib projects
Hi All,

I am trying to determine if the ZooKeeper package (including the contrib
packages) uses encryption, and if so, if that encryption is limited to
such things as encryption of passwords, PINs, digital signatures, fixed
data compression techniques or hashing.

I know Zookeeper has an access control per user, so a user's password
might be encrypted internally. However, it's not documented as far as I
know, so I'm not sure. It may even be stored as a plain data.

I've also tried to grep files in the whole package with "crypto" keyword,
and found the related information is as follows:

Related keyword:
org.apache.zookeeper.inspector.encryption.EncryptionManager
/BasicDataEncryptionManager   (found in contrib\ZooInspector)
This class appears to encrypt/decrypt outside of Zookeeper, and the
specific encrypted logic does not seem to be implemented within.

Related keyword: org.apache.bookkeeper.client.MacDigestManager /
CRC32DigestManager    (found in contrib\bookkeeper)
This class does seem to include encryption logic, but I'm not sure if the
functions are limited to those I've listed above.

Any help would be much appreciated.  Thank you in advance!

Regards,
Melissa

I think that the basic answer is no.

Encryption is used in authentication, but not in communications.  Of course,
you can do magic tunnel things to provide encryption, but ZK doesn't do it
by itself.

On Thu, Jun 23, 2011 at 2:34 PM, Melissa Mahasintunan
<[EMAIL PROTECTED]>wrote:

> Sorry to repost, but hoping someone can help with this!  Thanks!
>
> Regards,
> Melissa
>
> ----- Forwarded by Melissa Mahasintunan/Silicon Valley/IBM on 06/23/2011
> 02:33 PM -----
>
> From:   Melissa Mahasintunan/Silicon Valley/IBM
> To:     [EMAIL PROTECTED]
> Date:   06/17/2011 04:27 PM
> Subject:        Encryption in ZooKeeper & contrib projects
>
>
> Hi All,
>
> I am trying to determine if the ZooKeeper package (including the contrib
> packages) uses encryption, and if so, if that encryption is limited to
> such things as encryption of passwords, PINs, digital signatures, fixed
> data compression techniques or hashing.
>
> I know Zookeeper has an access control per user, so a user's password
> might be encrypted internally. However, it's not documented as far as I
> know, so I'm not sure. It may even be stored as a plain data.
>
> I've also tried to grep files in the whole package with "crypto" keyword,
> and found the related information is as follows:
>
> Related keyword:
> org.apache.zookeeper.inspector.encryption.EncryptionManager
> /BasicDataEncryptionManager   (found in contrib\ZooInspector)
> This class appears to encrypt/decrypt outside of Zookeeper, and the
> specific encrypted logic does not seem to be implemented within.
>
> Related keyword: org.apache.bookkeeper.client.MacDigestManager /
> CRC32DigestManager    (found in contrib\bookkeeper)
> This class does seem to include encryption logic, but I'm not sure if the
> functions are limited to those I've listed above.
>
> Any help would be much appreciated.  Thank you in advance!
>
> Regards,
> Melissa
>

> From: Ted Dunning <[EMAIL PROTECTED]>
> Encryption is used in authentication, but not in communications.  Of
> course, you can do magic tunnel things to provide encryption, but
> ZK doesn't do it by itself.

With ZOOKEEPER-938 applied if I'm not mistaken it would be possible to negotiate encryption on the connection as well as authentication (via SASL QoP "auth-conf").

  - Andy

I will soon be out of date, it seems!

On Thu, Jun 23, 2011 at 4:10 PM, Andrew Purtell <[EMAIL PROTECTED]> wrote:

> > From: Ted Dunning <[EMAIL PROTECTED]>
> > Encryption is used in authentication, but not in communications.  Of
> > course, you can do magic tunnel things to provide encryption, but
> > ZK doesn't do it by itself.
>
> With ZOOKEEPER-938 applied if I'm not mistaken it would be possible to
> negotiate encryption on the connection as well as authentication (via SASL
> QoP "auth-conf").
>
>  - Andy
>
>

Hi Andy,

Thank you for your response last week!  I was hoping you could provide me
with a little more information, specifically if the encryption
functionality is limited to the following functions:

code limited to encryption of passwords, personal identification numbers,
digital signatures, fixed data compression techniques, hashing
decryption (only) of radio or pay TV broadcasts, or for civilian use of
mobile radio telephones not capable of "end to end" encryption
decryption specially designed to allow execution of copy-protected
software and the decryption function is not user-accessible
cryptographic software specially designed and limited for use on banking
(ATM, POS terminals)
personalized smart card software not capable of message traffic encryption
of user-supplied or related key management functions
key management designed, restricted, and intended to support only one of
the above functions
software designed to protect against malicious computer damage (e.g.
Viruses, intrusion detection, etc.)
software tools and technology specifically designed for the development,
production, or "use" of one or more of the above software (but limited to
those listed above)

Thank you again for your help!

Regards,
Melissa
From:   Andrew Purtell <[EMAIL PROTECTED]>
To:     [EMAIL PROTECTED]
Date:   06/23/2011 04:10 PM
Subject:        Re: Encryption in ZooKeeper & contrib projects

> From: Ted Dunning <[EMAIL PROTECTED]>
> Encryption is used in authentication, but not in communications.  Of
> course, you can do magic tunnel things to provide encryption, but
> ZK doesn't do it by itself.

With ZOOKEEPER-938 applied if I'm not mistaken it would be possible to
negotiate encryption on the connection as well as authentication (via SASL
QoP "auth-conf").

  - Andy