[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Java JCE 1.2.1 Spec - a danger for iaik??



We have already looked at this issue and I basically agree with what Stef
said in his email. The problem is that you cannot use the IAIK provider
with the Sun JCE 1.2.1 implementation but this is not a problem for most
people as they use our JCE implementation anyway.

For those people who need to use the Sun JCE implementation for any
reason we can at the moment only recommend using JCE 1.2, which is still
available from the Sun web site.

We are also investigating the possibility of obtaining a certificate from
Sun to sign our JCE with, the conditions upon which such a certificate is
granted is still unclear, however. In any case you can be assured that we
will _under no circumstances_ make changes to _weaken our code_ in order
to achieve that.

In short, we are not overly concerned about this issue at the moment and
we believe there is no reason for our customers to be concerned either. I
would also assume that before long a patch will appear to make the Sun
JCE 1.2.1 accept unsigned providers as well, which may simplify the
problem at least somewhat.

Regards,

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.at


-----Ursprüngliche Nachricht-----
Von: "Boll, Berend" <Berend.Boll@telekom.de>
An: <iaik-jce@iaik.tu-graz.ac.at>
Gesendet: Donnerstag, 28. September 2000 12:29
Betreff: [iaik-jce] Java JCE 1.2.1 Spec - a danger for iaik??


> All,
>
> there is a new specification from SUN JCE 1.2.1 which assumes a digital
signature
> accepted by SUN and the NSA for the security providers.
>
> Does this effect iaik JCE? Or could you still use iaik JCE?
>
>  http://www.ibiblio.org/javafaq/reports/JCE_1.2.1.html
>
> > Berend Boll
> > mailto:berend.boll@telekom.de
> > http://www.berkom.de




smime.p7s