Java Crypto API questions
Moltar Ramone
jlasser at rwd.goucher.edu
Fri May 31 11:53:48 PDT 1996
On Thu, 30 May 1996, Lucky Green wrote:
> o "Security Packages must be signed. Policy for signing is public and open."
> I assume the packages must be signed by Sun. How much will it cost to have
> a package signed? How do I obtain a copy of this "public and open" policy?
>
> o "Exportable API. Exportable applications."
> One code example shows performing a DES encryption. Another slide mentions
> "Support for [...] RSA." This is exportable? What am I missing?
My guess would be that the first of these two points answers the second.
Everything is exportable -- except signed third-party security packages.
My bet would be that the exportable code would not be more than RC4-40 or
perhaps 1DES, but that a signed package would go to RC4-128, 3DES, and
RSA-1024. However, the signature on that package would be on the
condition that the vendor/distributor of that package follow all export
regulations.
This is the way Micro$oft's CAPI is supposed to work; it's got
commodities jurisdiction approval already, my bet is Sun can get the same.
----------
Jon Lasser (410)532-7138 - Obscenity is a crutch for
jlasser at rwd.goucher.edu inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D) - Fuck the CDA.
More information about the cypherpunks-legacy
mailing list