Some questions about the SSL Standard Extension

Paul Tomblin (ptomblin@bluelobster.com)
Tue, 31 Mar 1998 14:34:09 -0600

Date: Tue, 31 Mar 1998 14:34:09 -0600
From: "Paul Tomblin" <ptomblin@bluelobster.com>
To: java-security@web4.javasoft.com
Subject: Some questions about the SSL Standard Extension

I've been trying in vain to get some information about this package, and I was
wondering if this is the right address to write to for help.

Our company is looking to write a server that implements crypto between itself
and clients that we've written and clients that our customers write.

Here are my questions:
1. Is there an SSL Standard Extension reference implementation?
2. If not, when will there be?
3. Will it work with Java 1.1 or do I have to write my code to Java 1.2?
4. If there is a reference implementation, does it support strong crypto? Is
there a weak crypto exportable version?
5. Can SSL SE be used in an applet? Does that restrict the cryto to using weak
crypto if they don't have the SSL SE loaded locally? Is the answer to this
question different if we use code signing?
6. Do you know of companies that are producing or going to produce SSL SEs? I
know of companies that produce SSL libraries that are NOT written to this spec,
like Baltimore, JCP and SSLava.

Thanks for any information you can shed on this.

Paul Tomblin, Blue Lobster Software.