[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [iaik-jce] Java JCE 1.2.1 Spec - a danger for iaik??
very interesting question. My thoughts:
- It's not the API that can force signed providers but the framework (the
classes). Since most providers (IAIK, Cryptix, DSTC, ...) all have their
of the framework there's no reason why these framework implementations
can't be used
anymore. Or why they can't be upgraded to the 1.2.1 API, without
implementing the signature
- And even if SUN distributes products based on JCE1.2.1, I think it would
be still possible
to replace the SUN provider + framework implementation by another one.
- BUT I think the only problem would be if the JCE would move into the core
classes: if the
javax.crypto classes become a fixed part of each Java distribution,
applications may be
obliged to use them.
I'd love to hear some critiques, remarks, ... on this,
there is a new specification from SUN JCE 1.2.1 which assumes a digital
accepted by SUN and the NSA for the security providers.
Does this effect iaik JCE? Or could you still use iaik JCE?
> Berend Boll
To unsubscribe send an email to email@example.com with the folowing content:
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html
To unsubscribe send an email to firstname.lastname@example.org with the folowing content: UNSUBSCRIBE iaik-jce