Re: Need to quickly deploy a signed 1.2 plugin applet

Jan Luehe (luehe@laguna.eng.sun.com)
Wed, 27 Jan 1999 10:33:02 -0800 (PST)

To: java-security@java.Sun.COM, Sasha.Bilton@BSKYB.COM

Sasha:

We have added the following features to the next version of the
Plug-in (which will be made available shortly) that will
address some of your issues:

1. Support for verification of JAR files signed with RSA.

2. If your applet is signed, and the permissions granted to it
do not include the "usePolicy" RuntimePermission (note that
this permission is not granted by default),
we will verify the entire applet certificate chain.
Verification will go all the way up to the Root CA of the chain
and check if that Root CA is contained in
Netscape's or IE's configured database of trusted Root CAs.

If so, the user will be prompted if they want to grant the special
"AllPermission" (which implies every other single permission)
to the applet. In this case, the policy will be bypassed
altogether (binary policy decision).

Jan

> Is there any way of deploying a 1.2 signed applet running via the plugin? The
> only way I can see to do it at the moment is the low-tech cut & paste technique,
> some overworked admin persons going around to our several hundred users'
> machines and installing the policy files.
>
> Even if we put the files on a server each client would have to be configured
> to look at those files
>
> I worked out that it would take about 10 minutes per
> installation/configuration and we have a minimum of 200 client machines -
> that's 33.3 hours work or almost a week real time. Now during this time the
> user can't work so it's also 33 hours lost. (note these times don't include
> the fact that we run separate sites). This isn't acceptable to us or our
> admin department.
>
> Is there some way of having the plugin ask the user if they wish to accept
> software as trusted like certain not-to-be-named browsers do?
>
> Please say yes!
>
> Thanks in advance
> Sasha
> --
> Sasha Bilton.
> "I met a girl upon a stair who wasn't there."
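
The rule in item 2 of the reply, written out with the standard Java certificate-path API. This is an added example, not part of the original mail and not the Plug-in's own code: the class `PromptDecision` and method `wouldPrompt` are hypothetical names, the JRE's default trust store stands in for the browser's Root CA database, and revocation checking is switched off because the mail does not mention it.

```java
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.cert.*;
import java.util.*;
import java.util.jar.*;
import javax.net.ssl.*;

public class PromptDecision {
    // True when the rule in the mail leads to the AllPermission prompt.
    // granted: what the policy gives the applet; chain: signer certificate first;
    // roots: stand-in for the browser's trusted Root CA database (assumption).
    static boolean wouldPrompt(PermissionCollection granted, List<X509Certificate> chain,
                               Set<TrustAnchor> roots) {
        if (chain.isEmpty() || granted.implies(new RuntimePermission("usePolicy")))
            return false;                       // unsigned, or "usePolicy" was granted
        X509Certificate last = chain.get(chain.size() - 1);
        if (chain.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal()))
            chain = chain.subList(0, chain.size() - 1);   // a PKIX path omits the root itself
        try {
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
            PKIXParameters params = new PKIXParameters(roots);
            params.setRevocationEnabled(false); // revocation is not mentioned in the mail
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;                        // chain verifies up to a trusted root
        } catch (GeneralSecurityException e) {
            return false;                       // broken chain, expired cert or unknown root
        }
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);              // load the JRE default trust store
        Set<TrustAnchor> roots = new HashSet<>();
        for (X509Certificate c : ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers())
            roots.add(new TrustAnchor(c, null));
        try (JarFile jar = new JarFile(args[0], true)) {   // args[0]: path to a signed JAR
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(e)) { in.readAllBytes(); } // verifies entry
                List<X509Certificate> chain = new ArrayList<>();
                Certificate[] certs = e.getCertificates();  // null when the entry is unsigned
                if (certs != null) for (Certificate c : certs) chain.add((X509Certificate) c);
                System.out.println(e.getName() + ": " + wouldPrompt(new Permissions(), chain, roots));
            }
        }
    }
}
```

`main` passes an empty `Permissions` object, which models a policy that does not grant "usePolicy"; substitute the permissions your policy actually grants the applet to see the other branch.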