At 09:30 AM 6/2/96 -0700, Martin Minow wrote:
Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on the eagerly awaited (at least by this user) Java Crypto API.
---- ---- ---- Notes from the security birds of a feather session ---- ---- ----
-- Need multiple security managers: if any say no, reject the request. -- Servet, applet need different security managers. -- Problem with firewalls: client accesses server via firewall via proxy servers. May not be able to open a URL directly. -- Java Commerce API coming for payment functions. -- Problem with foreign applet vendors: how can a non-US security class vendor certify a class to be used (outside the US). Currently, it must be imported and signed by Sun. But, then it can't be exported without a Commerce Department license. No (current) plans to establish a signing authority outside of the U.S.
We've heard this assertion before. Why not import the software, generate a detachable signature, and then export the signature for re-attachment overseas? Surely export of signatures isn't controlled (even arguably) by ITAR. Jim Bell jimbell@pacifier.com