Date: Thu, 31 Jul 1997 18:08:59 -0700
Message-Id: <199708010108.SAA03082@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: gavelli@athena.polito.it
Subject: Re: Exporting JCE outside US
The JCE is a little different from complete applicatins that include
encryption.
Typically, a "complete application" is what is approved for export.
This is the case for Netscape. They obtained approval for export of
their products that contain strong encryption as long as they export
it to certain approved customers, for example, banks.
A cryptographic library is a different matter - as things currently
stand, there are no provisions for exporting a library that exposes
cryptographic APIs, regardless of the strength of encryption, or the
intended customer.
There is a bill pending in the US congress that would potentially
loosen the controls on the APIs. The latest analysis I read in the
newspaper about this bill (the Goodlatte bill, or the "SAFE" bill), is
that it does have support in the US House of Representatives, the
Senate is unclear, and it's expected the administration (i.e. the
President) would veto the bill if it does pass the congress.
What we are doing is publishing the specification for the JCE.
Note that the JCE is evolving, based on feedback we get from people
who are using it or implementing providers to it, so please understand
that the initial specification will change substantially over time to
reflect the comments and needs of our initial users. The
specification is found at
http://java.sun.com/security/JCE1.1/earlyaccess/index.html