harmony-dev mailing list archives

From George Harley <george.c.har...@googlemail.com>
Subject Re: [classlib] choose one [x-net] || [security] for HARMONY-536 (JSSE provider)
Date Wed, 19 Jul 2006 09:31:00 GMT
Hi,

Since the cacerts file contains root certificate information from 
well-known CA outfits that in at least one case is already publicly 
available I would hope that there is less of a legal problem than we 
think. For instance, take a look at the Verisign root certificates 
repository [1] which pretty much contains all of the information about 
Verisign root certificates available from dumping out cacerts.


Best regards,
George


[1] http://www.verisign.com/repository/root.html



Boris Kuznetsov wrote:
> Right.
> Harmony uses BKS as default format.
> But I'm not sure that converting SUN's cacerts is OK from a legal
> point of view.
>
> Thanks,
> Boris
>
> On 7/19/06, Mikhail Loenko <mloenko@gmail.com> wrote:
>> Long ago we agreed that providers go into a separate module. But
>> now I think it might not be very reasonable.
>>
>> Sun keeps certificates in its own proprietary format (JKS), while we have
>> BKS from Bouncy Castle, so files will have to be converted. I can do this
>> next week
>>
>> Thanks,
>> Mikhail
>>
>> 2006/7/19, Geir Magnusson Jr <geir@pobox.com>:
>> >
>> >
>> > Tim Ellison wrote:
>> > > Geir Magnusson Jr wrote:
>> > >> I'm integrating HARMONY-536, the JSSE provider.  Two things:
>> > >>
>> > >> 1) it's contributed to go into x-net, but the package namespace is
>> > >>
>> > >>   o.a.h.security.provider.jsse
>> > >>
>> > >> so I wonder if this would be better off in the security module.  If not,
>> > >> we are stuck because we don't have a 'negative' patternset for jar
>> > >> packaging, so it's getting sucked into security jar right now anyway :)
>> > >
>> > > IMHO it should be in x-net.  Can't you rename the package?
>> > >
>> >
>> > Of course.  Something was going to get moved, just wanted to see any
>> > other opinions..
>> >
>> >
>> > >> 2) I have a little test proggie that shows that it's negotiating w/ the
>> > >> other side, but given we have no cacerts, it whines and gives up. (It's
>> > >> a reasonable whine...)  Lazily and naively, I threw the cacerts from
>> > >> Sun's JRE into jre/lib/security and prayed, but the security deities are
>> > >> not smiling on me today.  So, where does/what format/etc/etc should our
>> > >> root cert file go?
>> > >
>> > > Dunno.  I know you were just playing, but AIUI the use of root
>> > > certificates for popular CA's cost $'s don't they?
>> >
>> > I didn't think so.  I thought that they gave the root certs away because
>> > the value of a cert provider is directly proportional to the amount of
>> > software out there that can understand its certs...
>> >
>> > >
>> > > Hopefully Boris will enlighten us to the format used.
>> > >
>> > > Regards,
>> > > Tim
>> > >
>> >
>> > ---------------------------------------------------------------------
>> > Terms of use : http://incubator.apache.org/harmony/mailing.html
>> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
>> > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>> >