Mailing-List: contact harmony-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: harmony-dev@incubator.apache.org
Received-SPF: pass (asf.osuosl.org: domain of boris.v.kuznetsov@gmail.com
 designates 64.233.182.187 as permitted sender)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=bwYT7Q5nhb64HGunO5vG1wALzTzAUtexIpGMMaGiJMsu9CUywdbwrb1lk7NtQDyCbValfsL7um2BtK3IzjzvPFo52fxxl6iuuUhRHbhGXFzRcnwoYCJe9FMipm5F8y68yeFd7GYk4TUqheq2mz1iRHpEfi7yZtOv8nA1ZBssB6M=
Message-ID: <b266b8670607190041o253dcbfdl6624b79695437709@mail.gmail.com>
Date: Wed, 19 Jul 2006 14:41:09 +0700
From: "Boris Kuznetsov" <boris.v.kuznetsov@gmail.com>
To: harmony-dev@incubator.apache.org, geir@pobox.com
Subject: Re: [classlib] choose one [x-net] || [security] for HARMONY-536 (JSSE
 provider)
In-Reply-To: <44BDC4C5.6060702@pobox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <44BD30C0.4040700@pobox.com> <44BD5763.1050902@gmail.com>
	 <44BD5C71.20904@pobox.com>
	 <906dd82e0607182221h64a9e0s57ed19b861449dd1@mail.gmail.com>
	 <44BDC4C5.6060702@pobox.com>

Quotation from JavaTM Cryptography Architecture
API Specification & Reference
http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#KeyManagement

"It implements the keystore as a file, using a proprietary keystore
type (format) named "JKS"."

On 7/19/06, Geir Magnusson Jr <geir@pobox.com> wrote:
>
>
> Mikhail Loenko wrote:
> > A long ago we agreed that providers go into a separate module. But
> > now I think it's might be not very reasonable.
>
> Well, if it gets to be an issue, we can switch.  Do you remember the
> reasons?
>
> >
> > Sun keeps certificates in its own proprietary format (JKS), while we have
> > BKS from Bouncy Castle, so files will have to be converted. I can do this
> > next week
>
> It's proprietary?  Grrr.  I would be nice if people could use their
> existing root cert stores w/ us.  You sure?  :)
>
> >
> > Thanks,
> > Mikhail
> >
> > 2006/7/19, Geir Magnusson Jr <geir@pobox.com>:
> >>
> >>
> >> Tim Ellison wrote:
> >> > Geir Magnusson Jr wrote:
> >> >> I'm integrating HARMONY-536, the JSSE provider.  Two things:
> >> >>
> >> >> 1) it's contributed to go into x-net, but the package namespace is
> >> >>
> >> >>   o.a.h.security.provider.jsse
> >> >>
> >> >> so I wonder if this would be better off in the security module.  If
> >> not,
> >> >> we are stuck because we don't have a 'negative' patternset for jar
> >> >> packaging, so it's getting sucked into security jar right now
> >> anyway :)
> >> >
> >> > IMHO it should be in x-net.  Can't you rename the package?
> >> >
> >>
> >> Of course.  Something was going to get moved, just wanted to see any
> >> other opinions..
> >>
> >>
> >> >> 2) I have a little test proggie that shows that it's negotiating w/
> >> the
> >> >> other side, but given we have no cacerts, it whines and gives up.
> >> (It's
> >> >> a reasonable whine...)  Lazily and naively, I threw the cacerts from
> >> >> Sun's JRE into jre/lib/security and prayed, but the security
> >> deities are
> >> >> not smiling on me today.  So, where does/what format/etc/etc should
> >> our
> >> >> root cert file go?
> >> >
> >> > Dunno.  I know you were just playing, but AIUI the use of root
> >> > certificates for popular CA's cost $'s don't they?
> >>
> >> I didn't think so.  I thought that they gave the root certs away because
> >>  the value of a cert provider is directly proportional to the amount of
> >> software out there that can understand it's certs...
> >>
> >> >
> >> > Hopefully Boris will enlighten us to the format used.
> >> >
> >> > Regards,
> >> > Tim
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> Terms of use : http://incubator.apache.org/harmony/mailing.html
> >> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> >> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > Terms of use : http://incubator.apache.org/harmony/mailing.html
> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> >
> >
> >
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>


-- 
Best regards,
Boris Kuznetsov
Intel Middleware Products Division

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org