Java Crypto API questions
jim bell
jimbell at pacifier.com
Sun Jun 2 15:06:57 PDT 1996
At 09:30 AM 6/2/96 -0700, Martin Minow wrote:
>>Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on
>>the eagerly awaited (at least by this user) Java Crypto API.
>---- ---- ----
>Notes from the security birds of a feather session
>---- ---- ----
>
>-- Need multiple security managers: if any say no, reject the request.
>-- Servet, applet need different security managers.
>-- Problem with firewalls: client accesses server via firewall via
> proxy servers. May not be able to open a URL directly.
>-- Java Commerce API coming for payment functions.
>-- Problem with foreign applet vendors: how can a non-US security
> class vendor certify a class to be used (outside the US).
> Currently, it must be imported and signed by Sun. But, then
> it can't be exported without a Commerce Department license.
> No (current) plans to establish a signing authority outside
> of the U.S.
We've heard this assertion before. Why not import the software, generate a
detachable signature, and then export the signature for re-attachment overseas?
Surely export of signatures isn't controlled (even arguably) by ITAR.
Jim Bell
jimbell at pacifier.com
More information about the cypherpunks-legacy
mailing list