From: jim bell <jimbell@pacifier.com>
Date: Tue, 4 Jun 1996 04:56:35 +0800
To: andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Java Crypto API questions
Message-ID: <199606031521.IAA12484@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:17 AM 6/3/96 -0700, Jeff Weinstein wrote:
>Andrew Loewenstern wrote:
>> 
>> Moltar Ramone writes:
>> >  Probably.  But they won't be able to export the signed 3DES
>> >  package :) It leaves foreign vendors in trouble, is where.
>> 
>> Sun can export the signature though.  The vendor already has the package,
>> they just need the sig/cert...
>
>  Not likely.  Sun will probably be required to agree not to do this
>as a condition of exporting software with "pluggable crypto".  Software
>with hooks for crypto functions is treated the same as the actual crypto
>as far as the ITAR is concerned.

But you haven't explained why somebody can't export JUST the signature.  You 
know, import the software, have Sun sign it domestically, strip off everything that isn't a 
signature, and export the signature.  Append it to the un-imported code 
outside the country.

Jim Bell
jimbell@pacifier.com