Remote Coral and Legion of the Bouncy Castle ...

John Shott shott at snf.stanford.edu
Wed Feb 26 15:54:09 PST 2003


SNF Lab Members:

I've received a couple of comments from folks worrying about the warning that
they get about the "Legion of the Bouncy Castle" when they download the new
version of Remote Coral.

The new public domain crytpography stuff that we are using is from
www.bouncycastle.org (AKA the Legion of the Bouncy Castle).  While I
personally have no knowledge as to the origins of that name ... I do believe
that they are legitimate providers of cryptography software.
(Afterall, this is Silicon Valley ... I'm a little surprised at people
thinking that that is a funny name for an organization in the land of startups
with funny names.  Maybe the lack of "Z" and "X" is their name is suspicious
...).  In any event, the Bouncy Castle stuff is what we are trying to download
to your machine as a part of Remote Coral because that is the package that we
are using to handle encryption/decryption of your login name and remote
passwords.  It is flagged separately because it is signed by Sun whereas
Remote Coral proper is signed by us ...

So, it is certainly my belief that the Bouncy Castle stuff is legitimate,
safe, and "for real"
... but, as is often the case, the ultimate decision as to whether you want
that downloaded to your machine is yours.  Of course, if you don't ... Remote
Coral won't run ...

Thanks for your observant responses,

John

Note: Team Coral has no affiliation with the Legion of the Bouncy Castle
(finacial or otherwise ...) other than that is the encryption/decryption
package that we use because it is one of the few packages offering public
domain RSA encryption.



More information about the labmembers mailing list