www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <dava...@gmail.com>
Subject Getting a cert from SUN for JCE provider
Date Wed, 16 Nov 2005 13:27:59 GMT

Has anyone done this before? (for apache?) Please let me and werner
know if anyone has questions, concerns?


---------- Forwarded message ----------
To: <legal-discuss@apache.org>
Date: Wed, 16 Nov 2005 08:09:02 +0100
Subject: Question about some legal procedures for the Apache JuiCE
incubator project
Dear all,

during the course of the Apache incubator project "JuiCE"
we need some legal adivse. The aim of the project is to build
a Java Cryptographic Extension (JCE) provider. Because of
the JVM security policy it is required that the code must
reside in a signed Java Archive (jar). To sign this archive
we need a specific certificate approved by Sun.

To get such a certificate we need to perform some steps that
also include some legal actions.

Plaese refer to the steps as described in the document:

(Beware of linebreaks)

We could do all the preparations such as creating the
keystore, the certificate, the certificate signing request
and email the CSR to Sun.

When creating the certificate (as shown in the doc) we would like
to use the following Company Name (cn):

"The Apache Software Foundation" (without quotes).

For the information required in the e-mail (as per doc):

Company Name:                   "The Apache Software Foundation"
Street Address:                 "1901 Munsey Drive"
City:                                   "Forest Hill, MD 21050-2747"
Country:                                "USA"
Company Telephone Number
Company Fax Number              "+1.410.803.2258"
Requester Name:                 "Werner Dittmann"
Requester Telephone Number:     "+49 89 636 50265"
Requester Email Address:        "werner@apache.org"
Brief description of your company (size,
    line of business, etc.):
"The Apache Software Foundation provides organizational,
legal, and financial support for a broad range of open
source software projects. The Foundation provides an
established framework for intellectual property and
financial contributions that simultaneously limits
contributors potential legal exposure. Through a
collaborative and meritocratic development process,
Apache projects deliver enterprise-grade, freely
available software products that attract large
communities of users. The pragmatic Apache License
makes it easy for all users, commercial and individual,
to deploy Apache products."

(The latter copied from the website)

Modifying wrong/adding missing data will follow, also
if somebody else would like to step in as requestor - feel free :-).

About the paperwork (Certification Form):
We could prepare the document with all necessary information,
mail it to somebody at Apache Foundation who is entiteld
to sign it and forward it for further processing.

I would ask that somebody with legal backgound has a look
to that procedure and document. Can we use ASF as the legal
entity similar the implementors of BouncyCastle did it
(http://www.bouncycastle.org/)? What else shall be looked

We are also not sure because of US export regulations,
because the software is develpoed outside US but under the roof
of Apache. In fact the cryptographic functions are implemented
by OpenSSL not JuiCE directly because JuiCE is a JCE binding
to the OpenSSL crypto lib.

Any ideas, suggestions?


Davanum Srinivas : http://wso2.com/blogs/

DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not 
constitute legal advice, and do not necessarily reflect the opinions 
and policies of the ASF.  See <http://www.apache.org/licenses/> for 
official ASF policies and documents. 
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message