Date: Mon, 8 Jun 1998 17:25:01 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: some information required
To: java-security@web1.javasoft.com, Marise.Souza@gecapital.com
Two questions/answers:
1) how do you provide support?
In theory, the Java-enabled browsers would include support for the standard
Java APIs. Unfortunately, this hasn't worked out in the security area
(and other areas for that matter), so you need to use the Java Plug-In with
either Netscape or Microsoft browsers. (See note below.)
2) how do people use certificates?
People need to exchange certificates offline (for example, someone could
mail you a certificate, or you could download it with HTTP or FTP.) Or,
a software distributor could include the company's certificate along with
the software. There are some large firms doing this. Then, the end-user
needs to import the certificate into his or her certificate database.
In 1.1.x, the certificate database is identitydb.obj
In 1.2, the certificates are stored in a keystore named ~/.keystore.
--Unfortunately the JDK 1.1 signing and verification is not supported by the web browsers (Netscape's and Microsoft's.) It is supported in HotJava, http://java.sun.com/products/hotjava and appletviewer.
You can use the Java Plug-In in the browsers to get access to more recent JDK technology, http://java.sun.com/products/plugin You should be able to use 1.1.x signed applets with the Plug-In plugged into the browsers.
We are working with the Java licensees to get the standard Java signing working for people in an interoperable way.