On Sunday 30 Sep 2012 23:31:52 Steve Dougherty wrote:
> Because of all the crypto annoyances with Java 6 not having JCA,
> nextgens, p0s, and I were discussing upgrade paths to Java 7.
>
> We established that:
> * Oracle will begin auto-updating some Windows users from 32-bit Java
>   6 to 32-bit Java 7 in December 2012. This is scheduled to expand to
>   all Windows users in February 2013. [0]
> * On 64-bit Windows 32-bit Java is recommended, and 64-bit Java does
>   not currently have auto-update capabilities. [1]
>
> Upon looking into it I'm not so confident that Java 7 does away with
> crypto strength limitations. It seems like both 6 and 7 require
> installation of policy files to get larger key sizes. [2][3] Am I
> missing something?

IMHO we should recommend OpenJDK on Linux. AFAICS it has sufficient maturity now, and the packaging issues with Oracle Java are a major security headache. Clearly we will need to support Sun for some time on Windows though.

So if this is true, we're gonna have to ship some sort of hack-around for some time. :( Getting Freenet certified, so we can use the full strength crypto, is legally possible (there are exceptions for stuff like freenet) but likely technically/logistically/bureaucratically unreasonable and probably expensive too.

>
> Thanks,
> operhiem1
>
> [0] http://www.oracle.com/technetwork/java/javase/documentation/autoupdate-1667051.html
> [1] https://www.java.com/en/download/faq/java_win64bit.xml
> [2] http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppC
> [3] http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#importlimits

_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
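
An added example, not part of either post and not Freenet code: a probe for the policy-file limitation discussed in the thread. It asks the running JVM for its permitted key sizes with the standard `javax.crypto.Cipher.getMaxAllowedKeyLength` call, then confirms by initialising AES with a 256-bit key. The class name `JcePolicyProbe`, the algorithm list and the all-zero key are constructed for illustration.

```java
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;

public class JcePolicyProbe {
    // Algorithms to query; an illustrative list, not taken from the thread.
    static final String[] ALGS = { "AES", "Blowfish", "DESede", "RSA" };

    /** Largest key size in bits that the installed jurisdiction policy permits. */
    static int maxBits(String alg) throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength(alg);
    }

    /** True if an AES cipher really can be initialised with a key of keyBits. */
    static boolean canInitAes(int keyBits) {
        try {
            Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
            // All-zero key: constructed probe input, never used to encrypt data.
            // ECB is used only because init() then needs no IV; nothing is encrypted.
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[keyBits / 8], "AES"));
            return true;
        } catch (InvalidKeyException e) {
            return false; // the policy check rejected the key size
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        } catch (NoSuchPaddingException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version=" + System.getProperty("java.version")
                + " java.vendor=" + System.getProperty("java.vendor"));
        for (int i = 0; i < ALGS.length; i++) {
            int bits = maxBits(ALGS[i]);
            System.out.println(ALGS[i] + ": "
                    + (bits == Integer.MAX_VALUE ? "unlimited" : bits + " bits max"));
        }
        boolean aes256 = canInitAes(256);
        System.out.println("AES-256 init: " + (aes256 ? "ok" : "rejected by policy"));
        // Non-zero exit lets an installer or startup script branch on the result.
        if (!aes256) System.exit(1);
    }
}
```

Running it on each target JVM (Oracle Java 6, Oracle Java 7, OpenJDK) answers the question raised in the quoted message for that specific install.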