From: shamrock@netcom.com (Lucky Green)
Date: Fri, 31 May 1996 16:35:27 +0800
To: cypherpunks@toad.com
Subject: Java Crypto API questions
Message-ID: <v02120d05add3f5807fe4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on
the eagerly awaited (at least by this user) Java Crypto API. I could not
attend the conference, but downloaded the slides for the presentation
<http://java.sun.com/javaone/pres/Crypto.pdf>

Viewing the slides left me with some questions that I hope someone that
attended the talk might be able to answer:

o "Developers do not call into Security Packages directly."
It seems the developer calls java.security (presumably provided by Sun),
which then will call the Security Packages. Is this view correct?

o "Security Packages must be signed. Policy for signing is public and open."
I assume the packages must be signed by Sun. How much will it cost to have
a package signed? How do I obtain a copy of this "public and open" policy?

o "Exportable API. Exportable applications."
One code example shows performing a DES encryption. Another slide mentions
"Support for [...] RSA." This is exportable? What am I missing?

o Where can I get more info on "Jeeves", the Java HTTP Server?

TIA,


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.