On 29-12-11 12:46, Peter wrote:
By self signing your own certificates, the people at the other end still need a way to id you're cert. This is the hardest part of cryptography to solve. There may not always be a user or person on the other end, so there needs to be a programmatic alternative also.
Yes, this problem is what i tried to adress, or to avoid, by stating:
One could have the trustmanager offer the unknown certificate for acceptance to the user, in order to allow authentication via external channels.
Authenticating the self signed certificate by electronic means from within the jini domain is unsolveable imho. Thats why i want to leave it up to the implementor of the application to solve the problem. User interfaces like bluetooth authentication spring to mind. The authentication problem is quite similar to bluetooth.
Gr. Sim -- QCG, Software voor het MKB, 071-5890970, http://www.qcg.nl Quality Consultancy Group b.v., Leiderdorp, Kvk Den Haag: 28088397
