If we include certs form 3rd parties IMHO it makes sense to download them and generate our storage at build time.
Thanks, Mikhail 2006/7/19, George Harley <[EMAIL PROTECTED]>:
Geir Magnusson Jr wrote: > Tim Ellison wrote: > >> Geir Magnusson Jr wrote: >> >>> I'm integrating HARMONY-536, the JSSE provider. Two things: >>> >>> 1) it's contributed to go into x-net, but the package namespace is >>> >>> o.a.h.security.provider.jsse >>> >>> so I wonder if this would be better off in the security module. If not, >>> we are stuck because we don't have a 'negative' patternset for jar >>> packaging, so it's getting sucked into security jar right now anyway :) >>> >> IMHO it should be in x-net. Can't you rename the package? >> >> > > Of course. Something was going to get moved, just wanted to see any > other opinions.. > > > >>> 2) I have a little test proggie that shows that it's negotiating w/ the >>> other side, but given we have no cacerts, it whines and gives up. (It's >>> a reasonable whine...) Lazily and naively, I threw the cacerts from >>> Sun's JRE into jre/lib/security and prayed, but the security deities are >>> not smiling on me today. So, where does/what format/etc/etc should our >>> root cert file go? >>> >> Dunno. I know you were just playing, but AIUI the use of root >> certificates for popular CA's cost $'s don't they? >> > > I didn't think so. I thought that they gave the root certs away because > the value of a cert provider is directly proportional to the amount of > software out there that can understand it's certs... > > Hi Geir, I think you are right. The kind of information we would want to have in a Harmony cacerts file is available from CA web sites (e.g. Verisign and Thawte). Inclusion of Thawte root certs requires accepting their license which is available on the repository access page [1]. It seems pretty harmless (famous last words). I guess that in order to build our own Harmony cacerts file we would need to retrieve the root certs information from each CA in turn being careful to check out the terms of any associated licenses. Best regards, George [1] http://www.thawte.com/roots/index.html >> Hopefully Boris will enlighten us to the format used. >> >> Regards, >> Tim >> >> > > --------------------------------------------------------------------- > Terms of use : http://incubator.apache.org/harmony/mailing.html > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
