1996-06-03 - Re: Java Crypto API questions

Header Data

From: jim bell <jimbell@pacifier.com>
To: andrew_loewenstern@il.us.swissbank.com>
Message Hash: f942e8ac13266441f38eb0cc08250e0d2d5fdcc89c0f364085f9738d3305bac9
Message ID: <199606031521.IAA12484@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-06-03 20:56:35 UTC
Raw Date: Tue, 4 Jun 1996 04:56:35 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Tue, 4 Jun 1996 04:56:35 +0800
To: andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Java Crypto API questions
Message-ID: <199606031521.IAA12484@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:17 AM 6/3/96 -0700, Jeff Weinstein wrote:
>Andrew Loewenstern wrote:
>> 
>> Moltar Ramone writes:
>> >  Probably.  But they won't be able to export the signed 3DES
>> >  package :) It leaves foreign vendors in trouble, is where.
>> 
>> Sun can export the signature though.  The vendor already has the package,
>> they just need the sig/cert...
>
>  Not likely.  Sun will probably be required to agree not to do this
>as a condition of exporting software with "pluggable crypto".  Software
>with hooks for crypto functions is treated the same as the actual crypto
>as far as the ITAR is concerned.

But you haven't explained why somebody can't export JUST the signature.  You 
know, import the software, have Sun sign it domestically, strip off everything that isn't a 
signature, and export the signature.  Append it to the un-imported code 
outside the country.

Jim Bell
jimbell@pacifier.com





Thread