Date: Tue, 31 Mar 1998 12:00:47 -0800
From: David.Brownell@Eng (David Brownell)
Message-Id: <199803312000.MAA24555@argon.eng.sun.com>
To: java-security@web4.javasoft.com, ptomblin@bluelobster.com
Subject: Re: Some questions about the SSL Standard Extension
The JavaServer Engine, available this summer, should include
JavaSoft's implementation of this API; it's a JDK 1.1 based
system. We have both weak/exportable and strong versions.
You might be interested in that product for your work.
JavaSoft has shipped this same implementation in a variety of
other products, such as HotJava Browser, HotJava Views, JavaOS,
and the Java Web Server. The first three of those support use
of SSL (and HTTPS) from applets.
Since I'm not responsible any longer for that package, I can't
say what the current status of API adoption is. Last summer,
several major Java partners (including a big browser vendor :-)
had claimed to have adoption plans, but I don't think they've
shipped any SSL API (beyond HTTPS) yet.
- Dave
> From ptomblin@bluelobster.com Tue Mar 31 11:40:58 1998
> Date: Tue, 31 Mar 1998 14:34:09 -0600
> From: "Paul Tomblin" <ptomblin@bluelobster.com>
> To: java-security@web4.javasoft.com
> Subject: Some questions about the SSL Standard Extension
>
> I've been trying in vain to get some information about this package, and I was
> wondering if this is the right address to write to for help.
>
> Our company is looking to write a server that implements crypto between itself
> and clients that we've written and clients that our customers write.
>
> Here are my questions:
> 1. Is there an SSL Standard Extension reference implementation?
> 2. If not, when will there be?
> 3. Will it work with Java 1.1 or do I have to write my code to Java 1.2?
> 4. If there is a reference implementation, does it support strong crypto? Is
> there a weak crypto exportable version?
> 5. Can SSL SE be used in an applet? Does that restrict the cryto to using weak
> crypto if they don't have the SSL SE loaded locally? Is the answer to this
> question different if we use code signing?
> 6. Do you know of companies that are producing or going to produce SSL SEs? I
> know of companies that produce SSL libraries that are NOT written to this spec,
> like Baltimore, JCP and SSLava.
>
> Thanks for any information you can shed on this.
>
> Paul Tomblin, Blue Lobster Software.
>