I built JavaFX 2.0 application and created self-signed jar. Then I started jnlp file and got prompted with Security Warning dialog. I have no objection to this functionality, but why publisher is displayed as UNKNOWN instead of <vendor> (taken from jnlp file)? Or at least like: <vendor> - UNKNOWN? People might be happy to accept, but they should be able to see the vendor if it can be obtained from jnlp file. Otherwise, it looks too dangerous.

The most practical example of use is an internal application residing on company's servers. You don't need to get certificate for that, but you don't want to ask users to accept everything blindly without seeing that this is coming from the in-house development.

This bug is kind of related to RT-16571, but that bug refers to a standard app Ensemble provided by Oracle rather than to any custom-built and self-signed one.