Jim Bell writes:
-- Problem with foreign applet vendors: how can a non-US security class vendor certify a class to be used (outside the US). Currently, it must be imported and signed by Sun. But, then it can't be exported without a Commerce Department license. No (current) plans to establish a signing authority outside of the U.S.
We've heard this assertion before. Why not import the software, generate a detachable signature, and then export the signature for re-attachment overseas?
I suspect (but don't have any direct knowledge) that strong crypto classes are distributed after encryption by Sun's private key. The corresponding public key is embedded in the Java Class Loader and/or virtual machine (or the security framework class -- I'm only speculating here). This means that "rogue" encryptors can't work under Sun's security manager as they will be rejected as "unloadable".

Martin Minow
minow@apple.com
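
Added example, not part of the original messages and not Sun's code: a sketch of the detached-signature flow raised above, with a loader-side check that accepts class bytes only when they verify against a built-in public key. The RSA/SHA-256 choice, the key pair, the class bytes and all names (`DetachedSignatureDemo`, `signDetached`, `verifyDetached`) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class DetachedSignatureDemo {
    // Signing side: the signature is a separate byte array, not wrapped around the class.
    static byte[] signDetached(byte[] classBytes, PrivateKey signerKey) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signerKey);
        s.update(classBytes);
        return s.sign();
    }

    // Loading side: holds only the public key and refuses bytes that do not verify.
    static boolean verifyDetached(byte[] classBytes, byte[] sig, PublicKey trusted) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(trusted);
        v.update(classBytes);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {
            return false; // malformed signature is treated the same as a bad one
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair authority = kpg.generateKeyPair(); // constructed stand-in for the signing authority

        // Constructed stand-in for the bytes of a compiled class file.
        byte[] classBytes = "constructed stand-in for a crypto class".getBytes(StandardCharsets.UTF_8);

        // Only `sig` has to travel back to the vendor; it contains none of the class bytes.
        byte[] sig = signDetached(classBytes, authority.getPrivate());
        System.out.println("vendor copy + returned signature: "
                + verifyDetached(classBytes, sig, authority.getPublic()));

        // A single flipped bit in the class invalidates the re-attached signature.
        byte[] modified = Arrays.copyOf(classBytes, classBytes.length);
        modified[0] ^= 1;
        System.out.println("modified class + same signature:  "
                + verifyDetached(modified, sig, authority.getPublic()));

        // A class signed with any other key is rejected by a loader that trusts one key.
        KeyPair other = kpg.generateKeyPair();
        byte[] otherSig = signDetached(classBytes, other.getPrivate());
        System.out.println("class signed by a different key:  "
                + verifyDetached(classBytes, otherSig, authority.getPublic()));
    }
}
```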