harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geir Magnusson Jr <g...@pobox.com>
Subject Re: [classlib] choose one [x-net] || [security] for HARMONY-536 (JSSE provider)
Date Wed, 19 Jul 2006 12:15:30 GMT
I've asked Sun about this.  It would be nice if people could re-use
their root cert store.

What format does IBM and BEA use?

geir


Boris Kuznetsov wrote:
> Quotation from JavaTM Cryptography Architecture
> API Specification & Reference
> http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#KeyManagement
> 
> 
> "It implements the keystore as a file, using a proprietary keystore
> type (format) named "JKS"."
> 
> On 7/19/06, Geir Magnusson Jr <geir@pobox.com> wrote:
>>
>>
>> Mikhail Loenko wrote:
>> > A long ago we agreed that providers go into a separate module. But
>> > now I think it's might be not very reasonable.
>>
>> Well, if it gets to be an issue, we can switch.  Do you remember the
>> reasons?
>>
>> >
>> > Sun keeps certificates in its own proprietary format (JKS), while we
>> have
>> > BKS from Bouncy Castle, so files will have to be converted. I can do
>> this
>> > next week
>>
>> It's proprietary?  Grrr.  I would be nice if people could use their
>> existing root cert stores w/ us.  You sure?  :)
>>
>> >
>> > Thanks,
>> > Mikhail
>> >
>> > 2006/7/19, Geir Magnusson Jr <geir@pobox.com>:
>> >>
>> >>
>> >> Tim Ellison wrote:
>> >> > Geir Magnusson Jr wrote:
>> >> >> I'm integrating HARMONY-536, the JSSE provider.  Two things:
>> >> >>
>> >> >> 1) it's contributed to go into x-net, but the package namespace
is
>> >> >>
>> >> >>   o.a.h.security.provider.jsse
>> >> >>
>> >> >> so I wonder if this would be better off in the security module.
 If
>> >> not,
>> >> >> we are stuck because we don't have a 'negative' patternset for
jar
>> >> >> packaging, so it's getting sucked into security jar right now
>> >> anyway :)
>> >> >
>> >> > IMHO it should be in x-net.  Can't you rename the package?
>> >> >
>> >>
>> >> Of course.  Something was going to get moved, just wanted to see any
>> >> other opinions..
>> >>
>> >>
>> >> >> 2) I have a little test proggie that shows that it's negotiating
w/
>> >> the
>> >> >> other side, but given we have no cacerts, it whines and gives up.
>> >> (It's
>> >> >> a reasonable whine...)  Lazily and naively, I threw the cacerts
>> from
>> >> >> Sun's JRE into jre/lib/security and prayed, but the security
>> >> deities are
>> >> >> not smiling on me today.  So, where does/what format/etc/etc should
>> >> our
>> >> >> root cert file go?
>> >> >
>> >> > Dunno.  I know you were just playing, but AIUI the use of root
>> >> > certificates for popular CA's cost $'s don't they?
>> >>
>> >> I didn't think so.  I thought that they gave the root certs away
>> because
>> >>  the value of a cert provider is directly proportional to the
>> amount of
>> >> software out there that can understand it's certs...
>> >>
>> >> >
>> >> > Hopefully Boris will enlighten us to the format used.
>> >> >
>> >> > Regards,
>> >> > Tim
>> >> >
>> >>
>> >> ---------------------------------------------------------------------
>> >> Terms of use : http://incubator.apache.org/harmony/mailing.html
>> >> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
>> >> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>> >>
>> >>
>> >
>> > ---------------------------------------------------------------------
>> > Terms of use : http://incubator.apache.org/harmony/mailing.html
>> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
>> > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>> >
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> Terms of use : http://incubator.apache.org/harmony/mailing.html
>> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>>
>>
> 
> 

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message