Date: Tue, 02 Feb 1999 10:32:48 +1100
From: David Taylor <DavidTaylor@forge.com.au>
To: David Brownell <db@Eng>
Subject: Re: SSL API update?
> Or to put it differently -- private key management (associated
> with user authentication, e.g. logon) and trust management are
> not specific to SSL; there should be separate APIs for those.
>
> It's good if they're standard extensions ("javax.*") but that's
> not a requirement for many purposes.
>
> The same issue comes up for servers who authenticate themselves,
> and for letting clients trust the server authentication ... it's
> really not possible to use an SSL package without such APIs!

So the idea you're working towards is to separate the trust management
API from the SSL API?

The application acting as a server in an SSL conversation would need to
register its public key/certificate using some different API that the
SSL implementation would call upon to get that public key/certificate if
necessary.

Likewise, the application acting as a client in an SSL conversation
would register its public key/certificate using the trust API and the
SSL implementation would make the call into it if it needed to send a
client certificate.

Is that where you're headed?

Regards,
David Taylor
Forge Research.
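
The separation asked about above, as an added example that is not part of the original message: in Java's javax.net.ssl API the application hands key management and trust management to the SSL implementation as separate objects, and the implementation calls back into them when a handshake needs a certificate. The class name `SeparateTrustApi`, the `AuditingKeyManager` wrapper and the password are assumptions made for illustration.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class SeparateTrustApi {
    // Hypothetical wrapper: delegates to the application's registered keys and
    // records each time the SSL implementation asks for one.
    static final class AuditingKeyManager implements X509KeyManager {
        private final X509KeyManager delegate;
        AuditingKeyManager(X509KeyManager delegate) { this.delegate = delegate; }
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) {
            System.out.println("SSL asked for a server key of type " + keyType);
            return delegate.chooseServerAlias(keyType, issuers, s);
        }
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
            System.out.println("SSL asked for a client certificate");
            return delegate.chooseClientAlias(keyTypes, issuers, s);
        }
        public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
        public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
        public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray();   // constructed sample value
        KeyStore identity = KeyStore.getInstance(KeyStore.getDefaultType());
        identity.load(null, password);   // empty in-memory store; a real app loads its key and chain here

        // Key management API: the application's own identity (server or client side).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) kms[i] = new AuditingKeyManager((X509KeyManager) kms[i]);
        }
        // Trust management API: which peer certificates are accepted (platform defaults here).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        // The SSL API only receives the two managers; it never reads key files itself.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        System.out.println("SSL context ready, protocol " + ctx.getProtocol());
    }
}
```

Sockets created from `ctx.getSocketFactory()` or `ctx.getServerSocketFactory()` invoke the wrapper's `chooseClientAlias` or `chooseServerAlias` during the handshake, which is the callback direction the message describes.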