Hi is there any reason that for java it is assumed that there is no unlimited policy file installed.
Or should be there an differenciation between normal and unlimited policy ?
If we assume that the unlimited policy has been applied, there's a danger that only 256-bit AES is configured, and then the site does not work for those using the defaults. Also, I think the large majority of Java installations do not change the default.
OK i can see your point. You mean that some people say we need to support java and do not keep in mind that the 256-bit AES is only supported with unlimited policy. But on the other hand this if i read the result i would think that there is no chance to use strong AES with java.
If there would be an own "client" java with unlimited policy. There would be in my eyes the positiv effekt that the people get aware of this possible security improvment. And increased security i think is one goal of this page.
Retrieving data ...