RE: FCS coming up?

Frank Yellin (Frank.Yellin@eng.sun.com)
Wed, 10 Mar 1999 14:48:32 -0800

From: "Frank Yellin" <Frank.Yellin@eng.sun.com>
To: <Frank.Yellin@eng.sun.com>, "David Brownell" <David.Brownell@eng.sun.com>,
Subject: RE: FCS coming up?
Date: Wed, 10 Mar 1999 14:48:32 -0800
In-Reply-To: <000401be6b36$88bdaad0$45b09081@schmutz.eng.sun.com>

[This was originally sent to jsn-dev@java.sun.com, which is what Li Gong
told me was
the right address. It bounced, so I must have it wrong.
I'm mailing it again.

Is there some alternative to java-security that's internal only?
]

> Jan and others: Please take all my comments in the following light. I am
> an experienced Java user. I am an inexperienced user of the
> JCE. I had nothing to do with its design. I know very little of its
> internal workings. I have to take it as it is.
>
> I would like every user's first experience with the JCE to be pleasurable.
> I mostly liked it, but found a couple of things to be indecipherable (if
> you'll
> pardon the pun). I knew what it was that I wanted to do, and
> just couldn't
> figure out how to do it, or would get strange error messages. I
> don't want
> future users to experience this.
>
> I'm not trying to be picky for the sake of being picky. I really do think
> that
> I'm somewhat representative of your intended user base.
>
> For example:
>
> Part of my project was doing key exchange. It was purely my
> confusion that
> led
> me to use DES/ECB instead of DES/CBC. [Clearly DES/CBC is better,
> especially when
> encrypting serialized objects. Serialized objects tend to have lots of
> stylized
> and redundant information in them that make them especially prone to a
> dictionary
> attack.] I would have found it truly bizarre that I couldn't do DES/CBC
> key exchange
> in the exact same way that the document says to do DES/ECB key exchange.
>
> And if I couldn't, I would certainly expect the documentation to be
> explicitly
> clear about this.
>
> Another example:
>
> As I said earlier, I truly expected
> KeyGenerator.getInstance("HmacSHA1");
> to work. I assumed that Hmac needed secret keys, just like anything else
> a secret-key generator would make on for me.
> To get this to work would be ten-minute's work on the Provider's part, and
> would
> have saved this user probably more than an hour in figuring out
> what to do,
> and
> hacking up a solution.
>
> I honestly don't understand what the resistance is to giving normal users
> (me, for
> example) what it is they reasonable expect.
>
>
>
>
>
>
>