geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geir Magnusson Jr <>
Subject Re: Export control for crypto in Geronimo?
Date Tue, 20 Sep 2005 19:32:55 GMT

On Sep 20, 2005, at 3:18 PM, Dain Sundstrom wrote:

> Hi all,
> I'm starting to get requests internally from IBM regarding the  
> crypto technologies we ship with Geronimo, so that IBM can obtain  
> an export license for a product based on Geronimo.  From what I  
> understand, anyone that wants to ship a product containing Geronimo  
> from the United States to another nation will need this list, so  
> I'd like to gather this information once and make it available via  
> our website to everyone.
> So what I need from you guys is any information on cryptographic  
> technologies we have implemented or are shipping with Geronimo.   
> This is what I have so far:
> JavaVM - Ships with several crypto implementations, but I don't  
> think we need to document this since we are not shipping the VM.
> BouncyCastle - Although we are not using any of the crypto  
> implementations from this library, we do ship it.  This library  
> also has other problems such as restrictive patents, so I'm not  
> sure want to keep shipping it anyway.  I'll handle this one...

No.  The BouncyCastle dependency is in process of being removed.   
We've been discussing it on the dev list for weeks, it seems :)

I think that Rick has this one wrapped up.

> Jetty - contains several crypto implementations including unix  
> crypt, md5 hash and a weak obfuscater.  I'm going to contact Greg  
> to see if he already has a list.
> Do you know of any other crypt implementations we include or even  
> something as trivial as the Jetty plain text obfuscater?
> Thanks in advance,
> -dain

Geir Magnusson Jr                                  +1-203-665-6437

View raw message