> While it may not be necessary to provide confidentiality of the truststore, > "validation that the JKS is the JKS that the user expects" is the very > definition of integrity.
Yes, thanks for re-defining integrity for me ;). Thought it was obvious that's what I was describing. No security, just integrity of the JKS. > So the log message is incorrect: it is providing security value, by enforcing > the use of integrity beyond file system permissions. Truststores, in this context, do not contain private material, thus there is no need to enforce confidentiality -- in fact, the typical deployment model for Java installations has a globally readable truststore. [ Full content available at: https://github.com/apache/accumulo/pull/646 ] This message was relayed via gitbox.apache.org for [email protected]
