-
Type:
Enhancement
-
Resolution: Duplicate
-
Priority:
P5
-
None
-
Affects Version/s: 6
-
Component/s: security-libs
-
x86
-
windows_xp
A DESCRIPTION OF THE REQUEST :
If the Verisign timestamping certificate at:-
https://knowledge.verisign.com/resources/sites/VERISIGN/content/live/SOLUTION/9000/SO9699/en_US/TimestampCA.cer
was added to cacerts in the JRE then timestamping of applets would be possible using the jarsigner option -tsa https://timestamp.geotrust.com/tsa which is also from Verisign (they own Geotrust).
This certificate is already included with Firefox so why not in the JRE too?
JUSTIFICATION :
Timestamping proves the date of the jar signing and can allow jar expiry to be extended beyond the signing cert expiry date. In one test with a one year signing cert the jar expiry was extended to around 9 years. This means the users do not get bothered with untrusted security alerts after only one year.
In a nutshell - less hassle for users.
If the Verisign timestamping certificate at:-
https://knowledge.verisign.com/resources/sites/VERISIGN/content/live/SOLUTION/9000/SO9699/en_US/TimestampCA.cer
was added to cacerts in the JRE then timestamping of applets would be possible using the jarsigner option -tsa https://timestamp.geotrust.com/tsa which is also from Verisign (they own Geotrust).
This certificate is already included with Firefox so why not in the JRE too?
JUSTIFICATION :
Timestamping proves the date of the jar signing and can allow jar expiry to be extended beyond the signing cert expiry date. In one test with a one year signing cert the jar expiry was extended to around 9 years. This means the users do not get bothered with untrusted security alerts after only one year.
In a nutshell - less hassle for users.
- duplicates
-
-
- Resolved
-