[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java Crypto API questions



At 09:30 AM 6/2/96 -0700, Martin Minow wrote:
>>Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on
>>the eagerly awaited (at least by this user) Java Crypto API.

>---- ---- ----
>Notes from the security birds of a feather session
>---- ---- ----
>
>-- Need multiple security managers: if any say no, reject the request.
>-- Servet, applet need different security managers.
>-- Problem with firewalls: client accesses server via firewall via
>   proxy servers. May not be able to open a URL directly.
>-- Java Commerce API coming for payment functions.
>-- Problem with foreign applet vendors: how can a non-US security
>   class vendor certify a class to be used (outside the US).
>   Currently, it must be imported and signed by Sun. But, then
>   it can't be exported without a Commerce Department license.
>   No (current) plans to establish a signing authority outside
>   of the U.S.

We've heard this assertion before.  Why not import the software, generate a 
detachable signature, and then export the signature for re-attachment overseas?

Surely export of signatures isn't controlled (even arguably) by ITAR.

Jim Bell
[email protected]