> I find this surprising (I don't have Oracle 8.1.6, so I can't check this
> out on my own right now). The X.509 certificate that comes in through SSL
> only provides a *public* key, so the web server can't impersonate the web
> client --- it can only say "I'm working on behalf of this guy, trust me on
> this". Is Oracle really willing to accept that?
*g* it does trust them from the CA you define. Currently I know they
support themselves and Entrust. Others may work, you do need the latest
version of Entrust, as it is using the latest release spec.
Thor HW
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
