You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by Dain Sundstrom <da...@iq80.com> on 2005/09/20 21:18:20 UTC

Export control for crypto in Geronimo?

Hi all,

I'm starting to get requests internally from IBM regarding the crypto  
technologies we ship with Geronimo, so that IBM can obtain an export  
license for a product based on Geronimo.  From what I understand,  
anyone that wants to ship a product containing Geronimo from the  
United States to another nation will need this list, so I'd like to  
gather this information once and make it available via our website to  
everyone.

So what I need from you guys is any information on cryptographic  
technologies we have implemented or are shipping with Geronimo.  This  
is what I have so far:

JavaVM - Ships with several crypto implementations, but I don't think  
we need to document this since we are not shipping the VM.

BouncyCastle - Although we are not using any of the crypto  
implementations from this library, we do ship it.  This library also  
has other problems such as restrictive patents, so I'm not sure want  
to keep shipping it anyway.  I'll handle this one...

Jetty - contains several crypto implementations including unix crypt,  
md5 hash and a weak obfuscater.  I'm going to contact Greg to see if  
he already has a list.



Do you know of any other crypt implementations we include or even  
something as trivial as the Jetty plain text obfuscater?

Thanks in advance,

-dain

Re: Export control for crypto in Geronimo?

Posted by Geir Magnusson Jr <ge...@4quarters.com>.

On Sep 20, 2005, at 3:18 PM, Dain Sundstrom wrote:

> Hi all,
>
> I'm starting to get requests internally from IBM regarding the  
> crypto technologies we ship with Geronimo, so that IBM can obtain  
> an export license for a product based on Geronimo.  From what I  
> understand, anyone that wants to ship a product containing Geronimo  
> from the United States to another nation will need this list, so  
> I'd like to gather this information once and make it available via  
> our website to everyone.
>
> So what I need from you guys is any information on cryptographic  
> technologies we have implemented or are shipping with Geronimo.   
> This is what I have so far:
>
> JavaVM - Ships with several crypto implementations, but I don't  
> think we need to document this since we are not shipping the VM.
>
> BouncyCastle - Although we are not using any of the crypto  
> implementations from this library, we do ship it.  This library  
> also has other problems such as restrictive patents, so I'm not  
> sure want to keep shipping it anyway.  I'll handle this one...

No.  The BouncyCastle dependency is in process of being removed.   
We've been discussing it on the dev list for weeks, it seems :)

I think that Rick has this one wrapped up.


>
> Jetty - contains several crypto implementations including unix  
> crypt, md5 hash and a weak obfuscater.  I'm going to contact Greg  
> to see if he already has a list.
>
>
>
> Do you know of any other crypt implementations we include or even  
> something as trivial as the Jetty plain text obfuscater?
>
> Thanks in advance,
>
> -dain
>
>

-- 
Geir Magnusson Jr                                  +1-203-665-6437
geir@optonline.net