From: shamrock@netcom.com (Lucky Green)
Date: Tue, 4 Jun 1996 07:21:01 +0800
To: andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Java Crypto API questions
Message-ID: <v02120d04add8d2c68a13@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:17 6/3/96, Jeff Weinstein wrote:

>> Sun can export the signature though.  The vendor already has the package,
>> they just need the sig/cert...
>
>  Not likely.  Sun will probably be required to agree not to do this
>as a condition of exporting software with "pluggable crypto".  Software
>with hooks for crypto functions is treated the same as the actual crypto
>as far as the ITAR is concerned.

Then how can Sun claim that their system is
1. Exportable
2. Does RC-4 and DES?

The Java Crypto AIP presentation slides that are available on Sun's website
clearly make both claims.

Unfortunately, the feedback address that Sun provides in the slides is
unknow to their mailserver (at least it was last week) and no further
information seem to be avaiable about their "public and open" policy.

Confused,

Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.