From: George Chung <gchung@openhorizon.com>
To: "'java-security@java.sun.com'" <java-security@web2.javasoft.com>
Subject: Certificate chaining w/javakey generated DSA certificates
Date: Tue, 16 Sep 1997 16:59:02 -0700

I understand that certificate chaining is not yet supported under JDK
1.1.3.

However...

a) I created a certificate for Foo certified by CA and installed it in
the Identitydb on machine A.
b) I set Foo to be trusted.
c) As Foo, I signed a jar file containing an applet that writes to the
local filesystem.
d) On machine A, I downloaded the applet/signed jar.

I would have expected that although Foo was trusted, the local
environment would have no way of verifying that Foo's certificate
(which is used to verify the signature on the jar) is itself valid
since chaining is not supported.

I would have expected some kind of error, but instead the applet wrote
to the filesystem.

I would have expected that if certificate chaining is not supported,
then only self-certified certificates would be valid.

Can anyone clarify?

Thanks,
-g
______________________________________________________________________
George Chung
Open Horizon, Inc.
gchung@nospam.openhorizon.com (remove "nospam." when emailing)
Find out about Ambrosia(tm), the SECURE Publish/Subscribe Event
Management System for the Internet (and 100% Pure Java Certified),
at http://www.openhorizon.com.