Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P4
Fix Version/s: 5.0
Affects Version/s: 1.4.0, 1.4.1
Component/s: security-libs
Labels:
- CAP
- cap-tiger
- jdcinclude
- tigerfeature

Subcomponent:
java.security
Resolved In Build:
tiger
CPU:

generic, x86
OS:

solaris_8, windows_nt, windows_2000

When a signed applet is verified and the certificate has expired, there is no way to tell if the applet was signed when the certificate was still valid. The
current validation policy assumes applet to be untrusted if the certificate has
expired, but they cause side effect to well deployed massive application to
popup security warning unnecessary.

Solution: Build timestamping directly into signing tool, so validation process
may take place in Java Plug-in or Java Web Start by validating the timestamp.

Timestamping of signed jar files is covered in 4500302

relates to

JDK-4649690 Java Plug-in should consider time-of-signing when verifying signed jars

Resolved

JDK-4500302 Verification of signed jars does not consider time-of-signing.

Resolved

JDK-4649703 Web Start should consider time-of-signing when verifying signed jars

Resolved

Assignee:: Vincent Ryan

Reporter:: Stanley Ho (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2001-11-05 18:12

Updated:: 2003-10-23 17:41

Resolved:: 2003-10-10 12:52

Imported:: 17/Sep/12 9:18 PM

Indexed:: 28/Jul/12 4:41 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates