Signatures and Encryption VS. IMPORT restrictions

Michael Agishtein (misha@chacham.unx.dec.com)
Fri, 12 Dec 1997 12:15:41 -0500

Message-Id: <3491713D.41C6@chacham.unx.dec.com>
Date: Fri, 12 Dec 1997 12:15:41 -0500
From: Michael Agishtein <misha@chacham.unx.dec.com>
To: java-security@web1.javasoft.com
Subject: Signatures and Encryption VS. IMPORT restrictions

Dear Sun Security Team:

Could you please direct us, how to solve our issues within Java
security model?

Our task is a client-server system-management application in Java.
The sysadmin gains root access from (any) remote screen to work on the
server. He can also start some service apps, so we need short life-span
security tokens. The system is to be shipped internationally.

We are torn between:
-sending the root password in the CLEAR.
-import restrictions on encryption in, say, FRANCE

Could you please tell us:

-What is the correct mechanizm for safe authenticated access to
Java Daemons?

-Is (jdk.1.1).java.security.* (or stubbed version) allowed in
e.g., France?

-Is there "public domain" SSL library (or other) compatible with Java?
Any way to use it seamlessly (stubs?) outside the US?

Thanks in advance,
Michael Agishtein