From: Moltar Ramone <jlasser@rwd.goucher.edu>
To: Lucky Green <shamrock@netcom.com>
Message Hash: 93a05912cc78ac4939e783a09f1dfa9025f26cc07928a580c0e05e18c5b3a08d
Message ID: <Pine.SUN.3.91.960531081207.28351B-100000@rwd.goucher.edu>
Reply To: <v02120d05add3f5807fe4@[192.0.2.1]>
UTC Datetime: 1996-05-31 18:53:48 UTC
Raw Date: Sat, 1 Jun 1996 02:53:48 +0800
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Sat, 1 Jun 1996 02:53:48 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Java Crypto API questions
In-Reply-To: <v02120d05add3f5807fe4@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.960531081207.28351B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain
On Thu, 30 May 1996, Lucky Green wrote:
> o "Security Packages must be signed. Policy for signing is public and open."
> I assume the packages must be signed by Sun. How much will it cost to have
> a package signed? How do I obtain a copy of this "public and open" policy?
>
> o "Exportable API. Exportable applications."
> One code example shows performing a DES encryption. Another slide mentions
> "Support for [...] RSA." This is exportable? What am I missing?
My guess would be that the first of these two points answers the second.
Everything is exportable -- except signed third-party security packages.
My bet would be that the exportable code would not be more than RC4-40 or
perhaps 1DES, but that a signed package would go to RC4-128, 3DES, and
RSA-1024. However, the signature on that package would be on the
condition that the vendor/distributor of that package follow all export
regulations.
This is the way Micro$oft's CAPI is supposed to work; it's got
commodities jurisdiction approval already, my bet is Sun can get the same.
----------
Jon Lasser (410)532-7138 - Obscenity is a crutch for
jlasser@rwd.goucher.edu inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D) - Fuck the CDA.
Return to May 1996
Return to “shamrock@netcom.com (Lucky Green)”