Heh. Everything we will do is legal :)
The point is - would taking some source from BC be the smart thing to do
- would it be complete, and what kind of maintenance burden would this
be going forward? Would some kind of re-packaged artifact from the BC
project itself be better?
Do we need source? Could we have a step where we re-package BC code in
a form more suited for our purposes?
geir
Mikhail Loenko wrote:
We can if it is legal
Thanks,
Mikhail
On 2/10/06, Geir Magnusson Jr <[EMAIL PROTECTED]> wrote:
So I'll ask the obvious - can we borrow some of this from BC?
Stepan Mishura wrote:
We should have at least to verify BC provider:
1) Message digest algorithm: SHA-1
2) Signature algorithm: SHA1withDSA
Other jars may require additional algorithms, for example, SHA1withRSA. We
can verify BC provider first and use it for further jar verifications.
Thanks,
Stepan Mishura
Intel Middleware Products Division
On 2/10/06, George Harley <[EMAIL PROTECTED]> wrote:
Hi Tim,
In order to verify the signature of those signed provider jars I believe
that you would also need trusted implementations of :
* SHA-1 and MD5 digest algorithms
* DSA and RSA signature algorithms
Best regards,
George
IBM UK
Tim Ellison wrote:
Stepan Mishura wrote:
<snip>
Returning back to the 'missing post'. I agreed with suggestion but
currently
we don't have Harmony provider so we should define how we locate
'trusted
provides' to be secure.
We just need a trusted SHA1PRNG, right? then we can open signed
providers' jars and get any others.
Regards,
Tim
--