Hello Sean,
On 29/01/2018 04:30 μμ, Fotis Loukos wrote:
> On 26/01/2018 11:31 μμ, Sean Mullan wrote:
>> On 1/24/18 5:39 AM, Fotis Loukos wrote:
>>>> You may not be aware, but the JDK does currently support a mechanism for
>>>> blacklisting certificates. The li
On 26/01/2018 11:31 μμ, Sean Mullan wrote:
> On 1/24/18 5:39 AM, Fotis Loukos wrote:
>>> You may not be aware, but the JDK does currently support a mechanism for
>>> blacklisting certificates. The lib/security/blacklisted.certs file
>>> contains a list of the fingerp
uring the update period would be good for starters. As a first step to
try a new format, you could even fetch it once during installation and
provide a means for the user to update it manually.
Regards,
Fotis Loukos
>
> Thanks,
> Sean
>
> On 1/18/18 11:03 AM, Fotis Loukos wrote:
&
access to a
software's trust store, and making an automated mechanism to fetch it
would be really useful.
Regards,
Fotis Loukos
--
Fotis Loukos, PhD
Director of Security Architecture
SSL Corp
e: fot...@ssl.com
w: https://www.ssl.com
s,
we believe that our implementation is compliant with RFC 5280.
As you noticed, by default the name constraints at the trust anchor are not
checked, however we wanted to know if it is possible to successfully validate
certificates if they are enforced by the programmer at his application.
Regards,
Fotis Loukos, PhD
HARICA Public Key Infrastructure
> --Sean
>
>
>>>
>>> Kind Regards,
>>> Vyronas Tsingaras,
>>> Aristotle University of Thessaloniki, IT Center
>>>
