The JESSIE frequently asked questions.

Q. So what is this?

A. A cleanroom implementation of the Java Secure Sockets Extension,
the JSSE, as it appears in the Java 1.4 class libraries. This includes
the packages javax.net, javax.net.ssl, and javax.security.cert, and a
security provider that provides an implementation of secure sockets.

That is, Jessie provides a full implementation of the secure socket
protocols SSLv3, TLSv1, and the (forthcoming) TLSv1.1. It is a full
Java API for creating clients and servers that communicate over SSL.


Q. So why should I care?

A. You should if you are interested in free software implementations of
the Java language. Right now Jessie is the only free software package
implementing the JSSE API, so if you want to program JSSE applications
using free software, this is your only choice.


Q. Is it production-ready?

A. No. Right now it is not even complete. The JSSE API is complete
right now, but has not been thoroughly tested.


Q. Is it secure?

A. Maybe. Designing secure systems is a subtle and difficult thing to
do. While I have taken every precaution to make the right choices with
known weaknesses, I am a far from perfect coder.


Q. What other software does this depend on?

A. GNU Classpath and GNU Crypto are the only dependencies. Some of the
security architecture of Classpath (the bits that I contributed to
Classpath, incidentally) and the cryptography algorithms from GNU
Crypto are used.

These packages are available from

<http://www.gnu.org/software/classpath/>
<http://www.gnu.org/software/gnu-crypto/>


Q. What VMs does it run on?

A. Java VMs from Sun and IBM, certainly.

It also runs quite well on the CVS version of Kaffe
<http://www.kaffe.org/>, provided that you merge in a few pieces from
the current CVS sources of Classpath. If you know how to hack Kaffe,
you can probably get it to run in an afternoon.

One of the major targets for this package is GCJ 3.4, which will
probably have robust enough Java support to run Jessie.


Q. Can this software be exported from the US?

A. As far as I know, yes. Since 2000 the export rules have been very
different from the dread Draconian rules handed down from the cold
war. Basically free software (according to the US government, software
that is freely available with source code from the internet) falls
under a special exemption in export rules, which allows it to be
exported to anywhere except certain ``rogue'' nations.

Regardless, I am going to continue naively believing that doing
something as simple as ``writing software'' is not an illegal activity.
