On Mon, May 14, 2007 at 11:06:47AM -0600, [EMAIL PROTECTED] wrote:
> Ian G wrote:
> > * Being dependent on PKI style certificates for signing,
> ...
>
> The most important motivation at the time was to avoid the risk of Java being
> export-controlled as crypto. The theory within Sun was that "crypto with a
> hole" would be free from export controls but also be useful for programmers.

"crypto with a hole" (i.e., a framework where anyone can plug anyone else's crypto) is what was seen as bad. The requirement for having providers signed by a vendor's key certified by Sun was to make sure that only providers from suppliers not from, say, North Korea etc., can be loaded by the pluggable frameworks.

As far as I know the process for getting a certificate for this is no more burdensome to any third parties, whether open source communities or otherwise, than is needed to meet the legal requirements then, and since, in force.

Of course, IANAL and I don't represent Sun, and you are free not to believe me and try getting a certificate as described in Chapter 8 of the Solaris Security Developers Guide for Solaris 10, which you can find at:

http://docs.sun.com

Comments should probably be sent to [EMAIL PROTECTED]

Cheers,

Nico
