Hi all,
I'm starting to get requests internally from IBM regarding the crypto
technologies we ship with Geronimo, so that IBM can obtain an export
license for a product based on Geronimo. From what I understand,
anyone that wants to ship a product containing Geronimo from the
United States to another nation will need this list, so I'd like to
gather this information once and make it available via our website to
everyone.
So what I need from you guys is any information on cryptographic
technologies we have implemented or are shipping with Geronimo. This
is what I have so far:
JavaVM - Ships with several crypto implementations, but I don't think
we need to document this since we are not shipping the VM.
BouncyCastle - Although we are not using any of the crypto
implementations from this library, we do ship it. This library also
has other problems such as restrictive patents, so I'm not sure want
to keep shipping it anyway. I'll handle this one...
Jetty - contains several crypto implementations including unix crypt,
md5 hash and a weak obfuscater. I'm going to contact Greg to see if
he already has a list.
Do you know of any other crypt implementations we include or even
something as trivial as the Jetty plain text obfuscater?
Thanks in advance,
-dain
- Export control for crypto in Geronimo? Dain Sundstrom
-
