no surprise - Sun fails to open source the crypto part of Java

Ian G iang at systemics.com
Tue May 15 05:37:56 EDT 2007 

Nicolas Williams wrote:
> On Mon, May 14, 2007 at 11:06:47AM -0600, zooko at zooko.com wrote:
>>  Ian G wrote:
>>> * Being dependent on PKI style certificates for signing, 
>> ...
>>
>> The most important motivation at the time was to avoid the risk of Java being
>> export-controlled as crypto.  The theory within Sun was that "crypto with a
>> hole" would be free from export controls but also be useful for programmers.
> 
> "crypto with a hole" (i.e., a framework where anyone can plug anyone
> else's crypto) is what was seen as bad.


But that's what they've got.  If the theory was that they 
needed to provide crypto without a hole, then they shouldn't 
have provided the crypto.  *The framework is the hole*, and 
pretending to stop other holes from being added is a fool's 
game.

Which isn't to say that this is the end of the story.  The 
story was no doubt very complex.

Some topic drift (as Lynn would say):  I did a fair bit of 
investigation on the SSL v1 -> v2 transition and discovered 
10 different forces working at the time.  As a historical 
comparison, we can suggest that Sun's Java group faced the 
same messy cauldron of forces at the time of the JCA being 
designed.  In that historical investigation I concluded that 
Netscape could not avoid the forces, and quite possibly ("no 
surprise") the Sun group cannot avoid the forces either.


> The requirement for having providers signed by a vendor's key certified
> by Sun was to make sure that only providers from suppliers not from,
> say, North Korea etc., can be loaded by the pluggable frameworks.


OK, but can we agree that this is a motive outside normal 
engineering practices?  And it is definately nothing to do 
with security as understood at the language and application 
levels?

The point is that once we agree that this is an "outside" 
requirement, then we can see that as it starts to impact the 
security architecture, it can only worsen the security.


> As
> far as I know the process for getting a certificate for this is no more
> burdensome to any third parties, whether open source communities or
> otherwise, than is needed to meet the legal requirements then, and
> since, in force.


 From what the guys in Cryptix have told me, this is true. 
Getting the certificate is simply a bureaucratic hurdle, at 
the current time.  This part is good.  But, in the big picture:

J1.0:  no crypto
J1.1:  crypto with no barriers
J1.2:  JCA with no encryption, but replaceable
J1.4:  JCA with low encryption, stuck, but providers are easy
J1.5:  JCA, low encryption, signed providers, easy to get a 
key for your provider
J1.6:  ??

(The java version numbers are descriptive, not accurate.)

The really lucky part here is that (due to circumstances 
outside control) the entire language or implementation has 
gone open source.

No more games are possible ==>  outside requirements are 
neutered.  This may save crypto security in Java.


> Of course, IANAL and I don't represent Sun, and you are free not to
> believe me and try getting a certificate as described in Chapter 8 of
> the Solaris Security Developers Guide for Solaris 10, which you can find
> at:


Sure.  There are two issues here, one backwards-looking and 
one forwards-looking.

1.  What is the way this should be done?  the Java story is 
a good case study of how the software engineering department 
put in place a heavyweight structure that drifted away from 
security.  We can learn from that.

2.  What is needed now?  Florian says the provider is 
missing and the "root list" is empty.  What to do?  Is it 
time to reinvigorate the open source Java crypto scene?

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list