From: Filip Van Laenen <fvl@computas.no>
To: "'java-security@java.sun.com'" <java-security@web1.javasoft.com>
Subject: Question/Comment about Java Cryptography Architecture API Specifi
Date: Tue, 16 Dec 1997 10:43:20 +0100
Hi,
I just read the document from your site, and was a bit disappointed
because the term 'cryptography' is at least a bit misleading: the
document deals with hashes, keys, signing and verifying a digital
signature, but there is no encryption API. I suppose this is because
SUN wouldn't be allowed to export any product with strong cryptographic
mechanisms (or hooks to it) from the US to the rest of the world, and
an API which would support full DES or RSA could be regarded as such a
product. However, I would like that you wouldn't use 'Cryptography' in
the title of your document, but rather use a restricting term like
'Digital Signature' or such.
There is also a small comment on the properties of a digest (in The
MessageDigest Class). People often also like that a digest has the
property that it is computationally infeasible to find any two
(non-trivial) different input strings that will generate the same
digest. This property is a harder property, but may be important in
some cases. You may want to mention the property anyway.
Kind regards,
Filip
Filip Van Laenen
fvl@computas.no | f.a.vanlaenen@ieee.org
http://freeusers.digibel.be/~vlaenen
Telefon: +47 67 55 54 25 Fax: +47 67 54 10 11