On May 22, 2006, at 4:42 AM, Raif S. Naffah wrote:

hello all,

some of the keytool commands may use a file named "cacerts" usually
located in ${JAVA_HOME}/lib/security. this file is effectively a "JKS"
key-store (i.e. a proprietary type of a key-store) and contains
self-signed X.509 certificates of "trusted" entities usually considered
as Certification Authorities (CAs).

using the RI's (version 1.5) keytool i exported those (33) certificates
and imported them into a "GKR" key-store --i.e. the type that we
provide-- using our current implementation of keytool.

my question is: does anybody see any problem, legal or otherwise, in
including our version of this cacerts file which i named "cacerts.gkr"
into the GNU Classpath distribution?


There probably isn't any problem with distributing these (that's the point of these certificates, to distribute them, to sorta-kinda make a PKI out of X.509), but it is still vital to get some clear terms about how we can use these certificates. I think just the BCLA or JDL or whatever the 1.5 JDK is distributed under doesn't make any exclusion for binary files like this.

I think it's also a good idea to vet these certificates anyway, because the organizations backing them may not be people we, in fact, trust (whose bits are these, anyway?), or there may be a political motivation for not including some CA's certs in a free software package. We don't know what process Sun goes through to accept a certificate or not, and they may have allowed (or denied) certificates on different terms than the FSF would accept.
