Date: Tue, 24 Feb 1998 09:40:37 -0500
To: java-security@web1.javasoft.com
From: Chris Bergstresser <chris@subtlety.com>
Subject: Re: Generating keys
Jeff --
So . . . if I wanted to use the SSL library with JWS 1.1, I would need
to write a servlet? As the client or the server -- would I write a servlet
that exports an object to the RMIRegistry? Or run the RMIRegistry as a
servlet? Or run the client as a servlet, communicating through SSL and RMI
to a backend RMIRegistry?
Also, how do you subscribe to the java-security list? I though it
would be just sending a subscribe request to listserv@javasoft.com, but
that doesn't work. I can write my own custom sockets that encrypt the
data, but I'm having trouble with the key management part of it (as my
message to the mailing list attested to).
-- Chris Bergstresser
chris@subtlety.com
At 08:21 PM 2/23/98 , you wrote:
> Hi. You mentioned earlier today in private email to me that
>you are trying to use JWS 1.1 as the source of the SSL implementation
>but are not running your application within the Java Web Server (your
>not writing a servlet). JWS was not really intended to be used like this.
>The javax.net.ssl apis do not expose trust management apis needed for
>accessing self-authentication data (private keys & their associated
>certificate chains) or managing which certificate authorities you trust
>when authenticating the peer at the other end of the socket.