Circling back to this - is there a way to have an X.509 realm that does not require BouncyCastle? I haven't looked at the patch yet myself to verify this (I'll check it out sometime this week if I have time). I'm not necessarily against having a new 3rd party module for bouncycastle if the community feels this is needed, but my personal preference is to avoid that if there is a reasonably clean way of supporting X.509 without it.
Les On Sat, Jun 12, 2010 at 10:24 AM, Paul Merlin <[email protected]> wrote: > Le samedi 12 juin 2010 19:00:05, Brian Demers a écrit : >> The public key realm we have is tailored for Apache Mina SSHD, it is >> pretty basic,just compares 2 public keys (and provides an interface for >> the storage of the public keys) With no other dependencies > > Oh ok, so the pubkeys comparison is not so strange in the ssh case. > > Indeed asymetric cryptography has a lot of use cases, I only had > X509Certificates in my mind, especially their usage on mutually authenticated > TLS connections. > > Could we focus on the SHIRO-24 issue in this thread ? Maybe create a new one > for > discussing different asym-crypto use cases with Shiro. > > /Paul > >
