In the security sub-project, we have implemented Java and (to a lesser extent) C++ support for the XML Digital Signature standards. The next mountain to climb is XML Encryption (and the Java guys have already started this).
We are not too sure what the legal implications for Apache might be if we start making code that uses encryption. The general feeling within the sub-project is that it should not be an issue, because we are not actually implementing any encryption algorithms directly. (OpenSSL is used for C++ and any JCE compliant crypto library is used for Java.)
I know back in the bad old days, even applications that had hooks for
crypto could get in trouble, but my understanding these days is that with the relaxation of the various export controls this is now OK. However I'm not a lawyer by any means.
Any thoughts and/or suggestions on a way forward welcome.
Cheers,
Berin--------------------------------------------------------------------- In case of troubles, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
