Mailing-List: contact harmony-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: harmony-dev@incubator.apache.org
Received-SPF: pass (asf.osuosl.org: domain of george.c.harley@googlemail.com
 designates 64.233.182.185 as permitted sender)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=googlemail.com;
        h=received:message-id:date:from:reply-to:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding;
        b=G7lO21a4xoLeURvkELmDCpxRU4CR5g05DccEv/J7G+OxAFc3Xbvar0Z8UpBRC0PMIYhioazBuEq26E98lLNEGTltlaiCgNgGIIf4HSwq5plDmnHV4JDALNfn8fd2ghZbB9Q0/ZE4fWS8gr9iLbO4ltrArIsdU3R8V0JzRkftZmk=
Message-ID: <44BE0415.7010905@googlemail.com>
Date: Wed, 19 Jul 2006 11:06:13 +0100
From: George Harley <george.c.harley@googlemail.com>
Reply-To: harmony-dev@incubator.apache.org
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
To: harmony-dev@incubator.apache.org
Subject: Re: [classlib] choose one [x-net] || [security] for HARMONY-536 (JSSE
 provider)
References: <44BD30C0.4040700@pobox.com> <44BD5763.1050902@gmail.com>
 <44BD5C71.20904@pobox.com>
In-Reply-To: <44BD5C71.20904@pobox.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Geir Magnusson Jr wrote:
> Tim Ellison wrote:
>   
>> Geir Magnusson Jr wrote:
>>     
>>> I'm integrating HARMONY-536, the JSSE provider.  Two things:
>>>
>>> 1) it's contributed to go into x-net, but the package namespace is
>>>
>>>   o.a.h.security.provider.jsse
>>>
>>> so I wonder if this would be better off in the security module.  If not,
>>> we are stuck because we don't have a 'negative' patternset for jar
>>> packaging, so it's getting sucked into security jar right now anyway :)
>>>       
>> IMHO it should be in x-net.  Can't you rename the package?
>>
>>     
>
> Of course.  Something was going to get moved, just wanted to see any
> other opinions..
>
>
>   
>>> 2) I have a little test proggie that shows that it's negotiating w/ the
>>> other side, but given we have no cacerts, it whines and gives up. (It's
>>> a reasonable whine...)  Lazily and naively, I threw the cacerts from
>>> Sun's JRE into jre/lib/security and prayed, but the security deities are
>>> not smiling on me today.  So, where does/what format/etc/etc should our
>>> root cert file go?
>>>       
>> Dunno.  I know you were just playing, but AIUI the use of root
>> certificates for popular CA's cost $'s don't they?
>>     
>
> I didn't think so.  I thought that they gave the root certs away because
>  the value of a cert provider is directly proportional to the amount of
> software out there that can understand it's certs...
>
>   


Hi Geir,

I think you are right. The kind of information we would want to have in 
a Harmony cacerts file is available from CA web sites (e.g. Verisign and 
Thawte). Inclusion of Thawte root certs requires accepting their license 
which is available on the repository access page [1]. It seems pretty 
harmless (famous last words).

I guess that in order to build our own Harmony cacerts file we would 
need to retrieve the root certs information from each CA in turn being 
careful to check out the terms of any associated licenses.

Best regards,
George


[1] http://www.thawte.com/roots/index.html


>> Hopefully Boris will enlighten us to the format used.
>>
>> Regards,
>> Tim
>>
>>     
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>
>   


---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org