
Re: Java Crypto API questions



Jim Bell writes:
>>-- Problem with foreign applet vendors: how can a non-US security
>>   class vendor certify a class to be used (outside the US).
>>   Currently, it must be imported and signed by Sun. But, then
>>   it can't be exported without a Commerce Department license.
>>   No (current) plans to establish a signing authority outside
>>   of the U.S.
>
>We've heard this assertion before.  Why not import the software, generate a
>detachable signature, and then export the signature for re-attachment overseas?
>

I suspect (but don't have any direct knowledge) that strong crypto
classes are distributed after encryption by Sun's private key. The
corresponding public key is embedded in the Java Class Loader and/or
virtual machine (or the security framework class -- I'm only speculating
here).

This means that "rogue" encryptors can't work under Sun's security
manager as they will be rejected as "unloadable".

Martin Minow
[email protected]