RFR: 8061842: Package jurisdiction policy files as something other than JAR
Anthony Scarpino
anthony.scarpino at oracle.com
Thu Aug 25 01:58:26 UTC 2016
On 08/24/2016 05:21 PM, Bradford Wetmore wrote:
[...]
>
> Sean Mullan wrote:
>
> > What about setting the default value to "limited"? And then this
> > would only be changed to "unlimited" if the build --enable-unlimited-
> > crypto option is specified?
>
> I could, but I'm concerned that a build with --enabled-unlimited-crypto
> would expect that the compiled-in version default would also be
> unlimited and would be surprised with limited.
>
> Upon Max's suggestion above, I've changed the name of the marker to
> "crypto.policy=crypto.policydir-tbd." Does that work for you?
So by having no crypto.policy defined we have no JCA? Does that mean no
operations at all (No MessageDigest, etc) or no restrictable crypto ops?
Since we know a limited number of countries have import issues, can we
make no crypto.policy property defined as unlimited policy? Defining
the property would be for only limiting the access. We could get rid of
the unlimited policy file and just ship a limited policy file.
Tony
More information about the security-dev
mailing list