harmony-dev mailing list archives

From "Mikhail Loenko" <mloe...@gmail.com>
Subject Re: [classlib] choose one [x-net] || [security] for HARMONY-536 (JSSE provider)
Date Wed, 19 Jul 2006 13:12:29 GMT
If we include certs from 3rd parties, IMHO it makes sense to download them and
generate our storage at build time.

Thanks,
Mikhail

2006/7/19, George Harley <george.c.harley@googlemail.com>:
> Geir Magnusson Jr wrote:
> > Tim Ellison wrote:
> >
> >> Geir Magnusson Jr wrote:
> >>
> >>> I'm integrating HARMONY-536, the JSSE provider.  Two things:
> >>>
> >>> 1) it's contributed to go into x-net, but the package namespace is
> >>>
> >>>   o.a.h.security.provider.jsse
> >>>
> >>> so I wonder if this would be better off in the security module.  If not,
> >>> we are stuck because we don't have a 'negative' patternset for jar
> >>> packaging, so it's getting sucked into security jar right now anyway :)
> >>>
> >> IMHO it should be in x-net.  Can't you rename the package?
> >>
> >>
> >
> > Of course.  Something was going to get moved, just wanted to see any
> > other opinions..
> >
> >
> >
> >>> 2) I have a little test proggie that shows that it's negotiating w/ the
> >>> other side, but given we have no cacerts, it whines and gives up. (It's
> >>> a reasonable whine...)  Lazily and naively, I threw the cacerts from
> >>> Sun's JRE into jre/lib/security and prayed, but the security deities are
> >>> not smiling on me today.  So, where does/what format/etc/etc should our
> >>> root cert file go?
> >>>
> >> Dunno.  I know you were just playing, but AIUI the use of root
> >> certificates for popular CAs cost $'s, don't they?
> >>
> >
> > I didn't think so.  I thought that they gave the root certs away because
> > the value of a cert provider is directly proportional to the amount of
> > software out there that can understand its certs...
> >
> >
>
>
> Hi Geir,
>
> I think you are right. The kind of information we would want to have in
> a Harmony cacerts file is available from CA web sites (e.g. Verisign and
> Thawte). Inclusion of Thawte root certs requires accepting their license
> which is available on the repository access page [1]. It seems pretty
> harmless (famous last words).
>
> I guess that in order to build our own Harmony cacerts file we would
> need to retrieve the root certs information from each CA in turn being
> careful to check out the terms of any associated licenses.
>
> Best regards,
> George
>
>
> [1] http://www.thawte.com/roots/index.html
>
>
>
> >> Hopefully Boris will enlighten us to the format used.
> >>
> >> Regards,
> >> Tim
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > Terms of use : http://incubator.apache.org/harmony/mailing.html
> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> >
> >
> >
>
>
