Security References (Java Security)

C.3. Security References

Finally, here is a number of white papers and other references that are of general interest:

http://java.sun.com/security/: This is the main index site for all security-related features of the JDK. In particular, this page has links to security white papers, API and tool documentation, security specifications, and more. This site also has links to many of the other sites we've listed here.
http://java.sun.com/sfaq/: This is the Frequently Asked Questions page for Java security. This page primarily addresses what applets can and cannot do.
http://java.sun.com/products/jdk1.2/docs/guide/security/security-spec.html: This document is the specification for the 1.2 Java security architecture; it provided invaluable background for this book. When you download the JDK 1.2 documentation, this document can be found at $JAVAHOME/docs/guide/security/spec/security-spec.html.
http://www.users.zetnet.co.uk/hopwood/papers/compsec97.html: This document gives an interesting perspective on the topic of authentication, and in particular whether Java's techniques for authentication are secure.
http://www.doc.gov/: The Department of Commerce of the U.S. government. The Commerce Department governs and publishes the export restrictions of encryption and can grant exceptions for exporting encryption technology.
http://www.crypto.com/: The Export Policy Resource page contains a number of links and other references to sites concerned with the U.S. government encryption policies.
Bruce Schneier. Applied Cryptography. John Wiley & Sons, New York, NY. 1996: Okay, it is not a web site, but this book is another invaluable reference for details of all the cryptographic topics of this book (Mr. Schneier's web site, for the library-impaired, is http://www.counterpane.com/).
Jonathan Knudsen. Java Cryptography. O'Reilly & Associates, Sebastopol, CA. 1998: For a discussion of implementing cryptographic algorithms in Java with a series of excellent examples, check out this book.