Hi,
Since the cacerts file contains root certificate information from
well-known CA outfits that in at least one case is already publicly
available I would hope that there is less of a legal problem than we
think. For instance, take a look at the Verisign root certificates
repository [1] which pretty much contains all of the information about
Verisign root certificates available from dumping out cacerts.
Best regards,
George
[1] http://www.verisign.com/repository/root.html
Boris Kuznetsov wrote:
Right.
Harmony uses BKS as default format.
But I'm not sure that converting of SUN's cacerts is OK from legal
point of view.
Thanks,
Boris
On 7/19/06, Mikhail Loenko <[EMAIL PROTECTED]> wrote:
A long ago we agreed that providers go into a separate module. But
now I think it's might be not very reasonable.
Sun keeps certificates in its own proprietary format (JKS), while we
have
BKS from Bouncy Castle, so files will have to be converted. I can do
this
next week
Thanks,
Mikhail
2006/7/19, Geir Magnusson Jr <[EMAIL PROTECTED]>:
>
>
> Tim Ellison wrote:
> > Geir Magnusson Jr wrote:
> >> I'm integrating HARMONY-536, the JSSE provider. Two things:
> >>
> >> 1) it's contributed to go into x-net, but the package namespace is
> >>
> >> o.a.h.security.provider.jsse
> >>
> >> so I wonder if this would be better off in the security module.
If not,
> >> we are stuck because we don't have a 'negative' patternset for jar
> >> packaging, so it's getting sucked into security jar right now
anyway :)
> >
> > IMHO it should be in x-net. Can't you rename the package?
> >
>
> Of course. Something was going to get moved, just wanted to see any
> other opinions..
>
>
> >> 2) I have a little test proggie that shows that it's negotiating
w/ the
> >> other side, but given we have no cacerts, it whines and gives
up. (It's
> >> a reasonable whine...) Lazily and naively, I threw the cacerts
from
> >> Sun's JRE into jre/lib/security and prayed, but the security
deities are
> >> not smiling on me today. So, where does/what format/etc/etc
should our
> >> root cert file go?
> >
> > Dunno. I know you were just playing, but AIUI the use of root
> > certificates for popular CA's cost $'s don't they?
>
> I didn't think so. I thought that they gave the root certs away
because
> the value of a cert provider is directly proportional to the
amount of
> software out there that can understand it's certs...
>
> >
> > Hopefully Boris will enlighten us to the format used.
> >
> > Regards,
> > Tim
> >
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]