This link is a general purpose TOC for Web Start:

http://java.sun.com/j2se/1.4.2/docs/guide/jws/developersguide/contents.html


These are probably the relevant sections for the converstation:

Web server config -
http://java.sun.com/j2se/1.4.2/docs/guide/jws/developersguide/setup.html

JAR signing -
http://java.sun.com/j2se/1.4.2/docs/guide/jws/developersguide/development.ht
ml#security

cheers,

Paul Smith

> -----Original Message-----
> From: Mark Womack [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 18 June 2003 4:45 PM
> To: Log4J Developers List
> Subject: Re: Web start app & Certificates
> 
> 
> I sent a message to [EMAIL PROTECTED]  It will get 
> the conversation
> started, but I think we need to understand exactly what we 
> will require.  Is
> there a WebStart document that can explain all this?
> 
> -Mark
> 
> ----- Original Message ----- 
> From: "Paul Smith" <[EMAIL PROTECTED]>
> To: "'Log4J Developers List'" <[EMAIL PROTECTED]>
> Sent: Tuesday, June 17, 2003 4:35 PM
> Subject: RE: Web start app & Certificates
> 
> 
> > > Setting up the keychain, signing the jars, and generating the
> > > JNLP are easy
> > > enough.  I don't know if there's an "official" cert for
> > > Jakarta, though, or
> > > how the ASF Board would want to handle who has the password
> > > to it.  Maybe
> > > Log4J would have its own?  Would it make sense for the ASF to
> > > be a CA so it
> > > wouldn't have to pay Verisign/Thawte every year?  That way
> > > the ASF could
> > > issue, for example, you a cert for signing Chainsaw, which
> > > would be backed
> > > by the "full faith and credit" of the ASF.  (It would also
> > > make it much more
> > > managable if "you" turn out to abuse the cert and it needs to
> > > be revoked.)
> >
> > Hi Jim,
> >
> > Thanks for your response.  It would be great if ASF was a 
> Certificate
> > authority, but I can imagine that's going to be a bit 
> involved!  Does
> anyone
> > know if the ASF board has discussed these types of issues 
> at all?  Aside
> > from Web start, I can imagine that signing jar's will be an 
> important part
> > of validating the authenticity of a package, rather than 
> the standard
> > published MD5 checksums I think that are in use at the moment.
> >
> > I'm not sure where to proceed here...
> >
> > thanks again,
> >
> > Paul
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to