[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Java Crypto API questions
On Thu, 30 May 1996, Lucky Green wrote:
> o "Security Packages must be signed. Policy for signing is public and open."
> I assume the packages must be signed by Sun. How much will it cost to have
> a package signed? How do I obtain a copy of this "public and open" policy?
>
> o "Exportable API. Exportable applications."
> One code example shows performing a DES encryption. Another slide mentions
> "Support for [...] RSA." This is exportable? What am I missing?
My guess would be that the first of these two points answers the second.
Everything is exportable -- except signed third-party security packages.
My bet would be that the exportable code would not be more than RC4-40 or
perhaps 1DES, but that a signed package would go to RC4-128, 3DES, and
RSA-1024. However, the signature on that package would be on the
condition that the vendor/distributor of that package follow all export
regulations.
This is the way Micro$oft's CAPI is supposed to work; it's got
commodities jurisdiction approval already, my bet is Sun can get the same.
----------
Jon Lasser (410)532-7138 - Obscenity is a crutch for
[email protected] inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D) - Fuck the CDA.