Date: Tue, 10 Mar 1998 08:18:23 -0800
From: David.Brownell@Eng (David Brownell)
Message-Id: <199803101618.IAA14389@argon.eng.sun.com>
To: Jeff.Nisewanger@Eng, apoddar@netvalueinc.com,
Subject: Re: Help -- Where is javax.net.* api available
> The [SSL] API does
> not currently cover some issues which are necessary in a completely
> standalone application such as certificate trust management, key management
> and "login" services. These are expected to be handled by the
> Java execution environment such as the Java Web Server or HotJava so
> that servlets and applets don't have to concern themselves about those
> issues and can just use the javax.net.ssl apis.
The way to think about this is that the "SSL API" is just for SSL. Those
other APIs are generally needed to use Public Key Infrastructure (PKI),
and are APIs which JavaSoft will present separately. You can use them
without SSL, and there are even some uses of SSL that don't need them.
For example, JDK 1.2 includes core key management support: the KeyStore
API, X.509v3 certificate support, and (if I recall the name right) the
"keytool" command line utility for creating keypairs, issuing certificate
signing requests, and processing the responses.
- Dave