Java Crypto API questions

Martin Minow minow at apple.com
Sun Jun 2 17:26:22 PDT 1996


Jim Bell writes:
>>-- Problem with foreign applet vendors: how can a non-US security
>>   class vendor certify a class to be used (outside the US).
>>   Currently, it must be imported and signed by Sun. But, then
>>   it can't be exported without a Commerce Department license.
>>   No (current) plans to establish a signing authority outside
>>   of the U.S.
>
>We've heard this assertion before.  Why not import the software, generate a
>detachable signature, and then export the signature for re-attachment overseas?
>

I suspect (but don't have any direct knowledge) that strong crypto
classes are distributed after encryption by Sun's private key. The
corresponding public key is embedded in the Java Class Loader and/or
virtual machine (or the security framework class -- I'm only speculating
here).

This means that "rogue" encryptors can't work under Sun's security
manager as they will be rejected as "unloadable".

Martin Minow
minow at apple.com