1996-06-02 - Re: Java Crypto API questions

Header Data

From: jim bell <jimbell@pacifier.com>
To: cypherpunks@toad.com
Message Hash: 589d7ab17e0b92964fe013d65bf6553a43a27794208676aa47a4517c865c534e
Message ID: <199606021828.LAA01244@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-06-02 22:06:57 UTC
Raw Date: Mon, 3 Jun 1996 06:06:57 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Mon, 3 Jun 1996 06:06:57 +0800
To: cypherpunks@toad.com
Subject: Re: Java Crypto API questions
Message-ID: <199606021828.LAA01244@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:30 AM 6/2/96 -0700, Martin Minow wrote:
>>Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on
>>the eagerly awaited (at least by this user) Java Crypto API.

>---- ---- ----
>Notes from the security birds of a feather session
>---- ---- ----
>
>-- Need multiple security managers: if any say no, reject the request.
>-- Servet, applet need different security managers.
>-- Problem with firewalls: client accesses server via firewall via
>   proxy servers. May not be able to open a URL directly.
>-- Java Commerce API coming for payment functions.
>-- Problem with foreign applet vendors: how can a non-US security
>   class vendor certify a class to be used (outside the US).
>   Currently, it must be imported and signed by Sun. But, then
>   it can't be exported without a Commerce Department license.
>   No (current) plans to establish a signing authority outside
>   of the U.S.

We've heard this assertion before.  Why not import the software, generate a 
detachable signature, and then export the signature for re-attachment overseas?

Surely export of signatures isn't controlled (even arguably) by ITAR.

Jim Bell
jimbell@pacifier.com





Thread