RE: Certificate chaining w/javakey generated DSA certificates

David Brownell (David.Brownell@Eng)
Tue, 23 Sep 1997 09:14:20 -0700

Date: Tue, 23 Sep 1997 09:14:20 -0700
From: David.Brownell@Eng (David Brownell)
Message-Id: <199709231614.JAA09645@argon.eng.sun.com>
To: Jan.Luehe@Eng, gchung@openhorizon.com, java-security@web2.javasoft.com
Subject: RE: Certificate chaining w/javakey generated DSA certificates

> So if I understand correctly, the basis of trust in appletviewer/HotJava is
> not certificate chaining to a CA but the existence of a certificate
> associated with a trusted identity in the local identity db. Authentication
> of a jar corresponds to an equality check between the public key in the
> identity db and the public key in the signed jar and a subsequent signature
> verification.

That's roughly my understanding too, but I've not really "been inside"
the code that does that validation. And, as you noted, that's not enough!
It's been improved since then.

- Dave
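
The trust decision described in the quoted text above (key equality against the local identity db, then signature verification, with no chaining to a CA), sketched as an added example; this is not code from javakey, appletviewer or HotJava. The class `IdentityDbTrust`, the map-based identity db, the identity name `duke` and the use of `SHA256withDSA` with a 2048-bit key are assumptions made so the sketch runs on a current JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class IdentityDbTrust {
    // Hypothetical stand-in for the local identity db: identity name -> pinned public key.
    static final Map<String, PublicKey> identityDb = new HashMap<>();
    static final Set<String> trustedNames = new HashSet<>();

    // Returns the trusted identity that signed `data`, or null if authentication fails.
    static String authenticate(byte[] data, byte[] sig, PublicKey signerKey)
            throws GeneralSecurityException {
        for (Map.Entry<String, PublicKey> e : identityDb.entrySet()) {
            // Step 1: equality check between the db key and the key shipped with the jar.
            if (!Arrays.equals(e.getValue().getEncoded(), signerKey.getEncoded())) continue;
            if (!trustedNames.contains(e.getKey())) return null; // known but not trusted
            // Step 2: signature verification, using the key held in the db.
            Signature v = Signature.getInstance("SHA256withDSA");
            v.initVerify(e.getValue());
            v.update(data);
            return v.verify(sig) ? e.getKey() : null;
        }
        return null; // key not in the db: no issuer is consulted, so no chain can rescue it
    }

    static byte[] sign(KeyPair kp, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withDSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("DSA");
        g.initialize(2048);
        KeyPair known = g.generateKeyPair();    // constructed: key pinned in the db
        KeyPair stranger = g.generateKeyPair(); // constructed: key the db has never seen
        identityDb.put("duke", known.getPublic());
        trustedNames.add("duke");
        byte[] jar = "constructed jar contents".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "altered jar contents".getBytes(StandardCharsets.UTF_8);
        // Pinned key, matching signature: authenticated as the db identity.
        System.out.println(authenticate(jar, sign(known, jar), known.getPublic()));
        // Valid signature, but the key is absent from the db: rejected.
        System.out.println(authenticate(jar, sign(stranger, jar), stranger.getPublic()));
        // Pinned key, but the content no longer matches the signature: rejected.
        System.out.println(authenticate(altered, sign(known, jar), known.getPublic()));
    }
}
```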