CertPath and X509CertPath are not serializable. Now that KeyStoreLoginModule has been changed to use a CertPath as the public credential, we will want to change our JSSE-based RMI security providers to expect subjects to have a CertPath as the public credential. However, as part of the RMI security API, we need to be able to serialize the public credential of a server subject. This is made rather difficult by the fact that CertPath and X509CertPath are not serializable.