Re: SSL API update?

David Brownell (db@Eng)
Mon, 01 Feb 1999 15:09:23 -0800

Date: Mon, 01 Feb 1999 15:09:23 -0800
From: David Brownell <db@Eng>
To: DavidTaylor@forge.com.au
Subject: Re: SSL API update?

Or to put it differently -- private key management (associated
with user authentication, e.g. logon) and trust management are
not specific to SSL; there should be separate APIs for those.

It's good if they're standard extensions ("javax.*") but that's
not a requirement for many purposes.

The same issue comes up for servers who authenticate themselves,
and for letting clients trust the server authentication ... it's
really not possible to use an SSL package without such APIs!

- Dave

Jeff Nisewanger wrote:
>
> > First thing: I have just looked through the spec again and could not see
> > how to set the certificate chain to be sent if a client-side handshake
> > is being performed and the server asks for a certificate.
>
> The current javax SSL api does not include trust management
> and private key management apis. The intent was to focus on
> the socket-level apis aimed at "end-user" application code and leave
> these issues for implementation-specific apis. We will soon be
> starting the process for version 2 of the api and the intent is to
> move trust and key management into the javax api set.
>
> Jeff