Re: JCE international

Marianne Mueller (mrm@Eng)
Sun, 27 Jul 1997 17:18:56 -0700

Date: Sun, 27 Jul 1997 17:18:56 -0700
Message-Id: <199707280018.RAA09499@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: grosen@idc.ac.il
Subject: Re: JCE international

You may freely download the java.security.* code that is in the JDK
(digital signatures), but not that which is in the JCE
(encryption/decryption APIs.)

US government regulations prohibit the export of cryptographic APIs.
This is independent of the strength of encryption in the libraries
that implement those APIs; it's the fact of their being APIs that make
them unexportable. I know that might not seem logical, but these are
the regulations. I believe the intent is to make 'pluggable'
cryptographic libraries not achievable without some sort of oversight
(for example, by ensuring the "pluggability" is controlled.)

For more information on
U.S. encyption policies, refer to these web sites:

U.S. Dept of Commerce www.doc.gov
Export Policy Resource Page www.crypto.com
Computer Systems Public Policy www.cspp.org

Thanks,
Marianne