The applet ISVs desperately need the ability to sign a single applet
for all three Java dynamic trust security models:
Object Signing
Authenticode
JDK 1.2
To my knowledge no vendor has attempted to help anyone with this very
important issue. Not even Netscape, which has a great developer
web site, nor the CAs, all of which have a vested interest in selling
multiple certs for multiple models have figured this one out and
documented it.
We have a product that currently supports both Object Signing and
Authenticode but have not been able to figure out how (or even if it is
possible) to support the JDK 1.2 signing model.
Actually, the signing model itself does not seem to be the problem as
much as lack of support (or documentation) for dynamic trust based on
CAs' root certs in JDK 1.2 (HotJava).
There needs to be a way to sign a JAR file for *both* object signing
and the JDK 1.2 security model. In addition, the JDK 1.2 applet support
needs to recognize CA generated certificates. Frankly, the ISVs could
care less whether these certificates are RSA or DSA based.
-- Brian ---------------------------------------------------------------------------- We at Tridia intend to both meet and exceed customer expectations for all products and services. Please let us know how we are doing: brian@tridia.com, john@tridia.com (my manager) or ceo-hotline@tridia.com. ---------------------------------------------------------------------------- W. Brian Blevins, Senior Software Engineer, Tridia Corporation Diplom Informatiker, Sun Certified Java Programmer 1.1 brian@tridia.com 1000 Cobb Place Blvd, Suite 210; Kennesaw, GA 30144, USA