no surprise - Sun fails to open source the crypto part of Java

Nicolas Williams Nicolas.Williams at sun.com
Mon May 14 20:51:19 EDT 2007


On Mon, May 14, 2007 at 11:06:47AM -0600, zooko at zooko.com wrote:
>  Ian G wrote:
> > * Being dependent on PKI style certificates for signing, 
> ...
> 
> The most important motivation at the time was to avoid the risk of Java being
> export-controlled as crypto.  The theory within Sun was that "crypto with a
> hole" would be free from export controls but also be useful for programmers.

"crypto with a hole" (i.e., a framework where anyone can plug anyone
else's crypto) is what was seen as bad.

The requirement for having providers signed by a vendor's key certified
by Sun was to make sure that only providers from suppliers not from,
say, North Korea etc., can be loaded by the pluggable frameworks.  As
far as I know the process for getting a certificate for this is no more
burdensome to any third parties, whether open source communities or
otherwise, than is needed to meet the legal requirements then, and
since, in force.

Of course, IANAL and I don't represent Sun, and you are free not to
believe me and try getting a certificate as described in Chapter 8 of
the Solaris Security Developers Guide for Solaris 10, which you can find
at:

http://docs.sun.com

Comments should probably be sent to security-discuss at opensolaris.org.

Cheers,

Nico
-- 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


