Date: Tue, 24 Dec 1996 09:35:52 -0800
From: db@doppio (David Brownell - JavaSoft)
Message-Id: <199612241735.JAA07478@argon.eng.sun.com>
To: cbd@zurich.ibm.com, mrm@doppio
Subject: Re: SSL [was: javakey - confused documentation]
> > -- is SUN going after an SSL implementation in Java? or do you follow the
> > SSLava lead? (www.phaos.com)
>
> We are working on SSL in Java - an early server-side implementation
> can be experimented with if you download a copy of our Java Server
> from http://java.sun.com/products/java-server.
Actually that includes both client and server sides; most of the code is
in common. The alpha2 "US Domestic" release" has APIs which show the basic
idea (subclass "Socket" and "ServerSocket"), but they've improved a lot now.
There is some basic server side session management, for example, and better
APIs for key management. Also, if you count it as an "SSL" API, there's an
"https" URL protocol handler (it subclasses the "http" one).
Early next month I expect to have more interesting APIs ... "interesting"
in the sense that I could possibly see JavaSoft sticking with them, which
is not the case with the APIs you'll see on that web page. However, we
all know that APIs invariably change as feedback is received.
> Actually since you
> are in Switzerland you can't download the version of SSL we have now
> since right now we only have the "strong" crypto version,but, the server
> team is planning a globally distributable version of the Java Server
> with SSL in early 1997. (By March anyway.) But you can look at
> the documentation online and get an idea for how that version of SSL
> works with the other Java classes. Over time, we expect that SSL will
> migrate into the JDK,but that migration path isn't laid out yet.
In no small part because the JDK has to change its definition before it
can incorporate this type of export-controlled technology!
- Dave