1996-06-03 - Re: Java Crypto API questions

Header Data

From: minow@apple.com (Martin Minow)
To: jim bell <cypherpunks@toad.com
Message Hash: 25a87c0da276e526c493055cc132ad453c45636edbd85556a0465ce93805938c
Message ID: <v02140b04add7b4e6d800@[17.128.203.227]>
Reply To: N/A
UTC Datetime: 1996-06-03 00:26:22 UTC
Raw Date: Mon, 3 Jun 1996 08:26:22 +0800

Raw message

From: minow@apple.com (Martin Minow)
Date: Mon, 3 Jun 1996 08:26:22 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Java Crypto API questions
Message-ID: <v02140b04add7b4e6d800@[17.128.203.227]>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell writes:
>>-- Problem with foreign applet vendors: how can a non-US security
>>   class vendor certify a class to be used (outside the US).
>>   Currently, it must be imported and signed by Sun. But, then
>>   it can't be exported without a Commerce Department license.
>>   No (current) plans to establish a signing authority outside
>>   of the U.S.
>
>We've heard this assertion before.  Why not import the software, generate a
>detachable signature, and then export the signature for re-attachment overseas?
>

I suspect (but don't have any direct knowledge) that strong crypto
classes are distributed after encryption by Sun's private key. The
corresponding public key is enbedded in the Java Class Loader and/or
virtual machine (or the security framework class -- I'm only speculating
here).

This means that "rogue" encryptors can't work under Sun's security
manager as they will be rejected as "unloadable"

Martin Minow
minow@apple.com









Thread