Date: Mon, 27 Jan 1997 14:47:07 -0500
From: Bret J Ewin <bewin@proxicom.com>
To: java-security@java
Subject: Maybe a typo
http://www.javasoft.com/products/JDK/1.1/docs/guide/security/
JavaSecurityOverview.html
There is a particular sentence in your JavaSecurity API and Digital
Signatures (Draft 1.2) document that seems to be inconsistant. The
line right before the "JAR Files and Digital Signatures" section under
"Code Signing in Java" states:
"After obtaining a private key and a certificate, an application may
sign code using them."
I am still reading up on java.security, but I am fairly certain at
this point that certificates are needed for *public* keys and not for
*private* keys. I think someone mistakenly typed "private" when they
mean "public".
Of course, I apologize if I am wrong! Just thought I'd send you a note
before I forgot about it, just in case it is a mistake.
Bret