|
Quick Lists
|
|
Bug ID:
|
4649703
|
|
Votes
|
1
|
|
Synopsis
|
Web Start should consider time-of-signing when verifying signed jars
|
|
Category
|
java_deployment:security
|
|
Reported Against
|
1.4
, jaws-1.0-beta
|
|
Release Fixed
|
1.5(tiger)
|
|
State
|
10-Fix Delivered,
request for enhancement
|
|
Priority:
|
3-Medium
|
|
Related Bugs
|
4500302
,
4523234
,
4649690
,
4373294
|
|
Submit Date
|
08-MAR-2002
|
|
Description
|
RFE 4500302 actually requests several enhancements in various places: JDK, jarsigner, PlugIn and Web Start. There is another rfe (4523234) tracking
work needed in JDK to support timestamped signatures.
We plan to implement rfe 4523234 for Tiger (pending Tiger team approval, etc.).
Once rfe 4523234 is done, Web Start should consider time-of-signing when verifying signed jar.
So I'm filing this rfe to track the work needed in Web Start (if any). I've filed rfe 4649690 to track work needed in PlugIn (if any). RFE 4500302 will be used to track enhancements needed in jarsigner. I'll add notes in rfe 4500302.
|
|
Work Around
|
N/A
|
|
Evaluation
|
We should start displaying a stronger warning message for expired certificates
for Mantis.
xxxxx@xxxxx 2002-07-23
this will be a tiger project, together with 4646418
xxxxx@xxxxx 2002-11-05
Mark it as RFE.
xxxxx@xxxxx 2003-01-13
moving catagory to java_deployment since affected code will be in common code with plugin.
xxxxx@xxxxx 2003-01-14
Fix in progress by Dennis.
xxxxx@xxxxx 2003-10-09
|
|
Comments
|
PLEASE NOTE: JDK6 is formerly known as Project Mustang
|
|
|
|
