Re: Exportability questions.

Jan Luehe (Jan.Luehe@Eng)
Wed, 21 Jan 1998 16:13:12 -0800 (PST)

Date: Wed, 21 Jan 1998 16:13:12 -0800 (PST)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: Exportability questions.
To: java-security@web2.javasoft.com, ic@ns.datadesign.se

Joachim:

The JCE 1.2 product with its pluggable providers is not exportable.
However, the JCE API and SPI methods are exportable, and there already are
independent implementations of these methods outside of the U.S./Canada.
For example, we know of implementations in the UK and Australia.
The JCE 1.2 APIs/SPIs are not frozen (JCE 1.2 currently is in early access stage).
Expect changes!

Please note that we plan to make JCE 1.3 exportable. However, we do not have a
concrete time schedule for JCE 1.3 yet.

Jan

> 1) JCE is not exportable. Would parts of it be exportable (like the inter-
> faces and non cryptographic classes) for us that would like to develop
> our own cryptographical algorithms outside of the USA? In that case, a
> way to get the interfaces and classes that do not contain actual crypto-
> code would be GREATLY appreciated. I'm right now in a position where I'm
> developing my own cryptographic classes for a financial application, and
> I'd - if possible - want to adapt them to the JCE framework.
> My only option right now would be too look at the interface definitions
> and - using examples from the MessageDigest etc. classes in the JDK -
> duplicate your work. This would be doubtful both in the "legal" case of
> basically cut and pasting your code, and of course not an appreciated use
> of time :(
>
> 2) If the export laws prevent you from exporting, what are the legal problems
> with developing the actual code outside of the US and exporting it from a
> country in Europe? I'm assuming there are problems since noone is doing it.
>
> Thanks,
>
> Joachim Isaksson
> Technical Project Manager
> Interbizz Financial Systems
> Joachim.Isaksson@interbizz.com
> Phone: +46-920-235200
> Fax: +46-920-211300
>
>
>
>
>