Re: Incorrect Documentation

Jan Luehe (luehe@laguna.eng.sun.com)
Tue, 20 Jul 1999 16:59:49 -0700 (PDT)

Message-Id: <199907202359.QAA29084@laguna.eng.sun.com>
Date: Tue, 20 Jul 1999 16:59:49 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: Incorrect Documentation
To: java-security@java.sun.com, jody@maxweb.com

Jody:

> Are you documentation writers on CRACK? Or have they left something out
> of the documentation.

You have not even read the documentation. What you read is the
message archive of the java-security alias.

Would you please read the appropriate documentation about
the Plug-in before you accuse us of providing vaporware?

In particular, I recommend these URLs:

http://java.sun.com/products/plugin/1.2/docs/netscape.html
(Section named "Implementation Details")

http://java.sun.com/products/plugin/1.2/docs/nsobjsigning.html#limitation

Should you still have any questions, let us know.

Jan

> Date: Tue, 20 Jul 1999 19:40:36 -0400
> From: Jody Larsen <jody@maxweb.com>
> X-Accept-Language: en
> MIME-Version: 1.0
> To: java-security@java.sun.com
> Subject: Incorrect Documentation
> Content-Transfer-Encoding: 7bit
>
> I have followed to a tee the instructions found at
> http://java.sun.com/security/hypermail/java-security-archive-4/0352.html
>
> and have virtually concluded that the assertion that JDK 1.2.2 supported
> RSA signed applets is utter an complete vaporware. At least Microsoft
> has the decency to say that their products have not yet been released.
>
> According to the message at:
> http://java.sun.com/security/hypermail/java-security-archive-4/0352.html
>
> it is possible to use netscapes signing tools to sign and applet, and
> then using the Java Plugin 1.2.2 aka Activator, view said applet in a
> browser and expect to have a window pop up requesting permissions.
>
> I have:
> Installed Netscape Certificate Server 1.01, created a new CA called
> MaxWeb, LLC CA, created a self-signed CA certificate.
> Requested and generated a personal certificate with object signing
> rights and installed it in my Netscape 4.61 browser.
> Downloaded and installed Netscape's signtool and used it to
> successfully sign and pack my class files into a jar file.
> Used Netscapes signtool to verify that said jar was in fact signed.
> It was.
> Uploaded the signed jar to a web site.
> Accessed the web site using Netscape 4.61 with the Java Plugin 1.2.2
> installed.
> And: NO SECURITY PERMISSIONS WINDOW POPS UP AS DOCUMENTED.
>
> Are you documentation writers on CRACK? Or have they left something out
> of the documentation.
>
> I have spent several days on this, and am certain I am following the
> scanty documentation available on the subject. I have read hundreds of
> messages in the java security hypermail archive and see many many other
> people experiencing similar problems. AND NO USEFUL ANSWERS
> WHATSOEVER. Most refer to the fact that you do not control Netscape or
> Microsoft. This I understand, but I am using your software Java Plugin,
> not theirs, and I expect decent support on this subject from you.
>
> We are currently embarking on the very early stages of several
> development projects. If this is the types of problems we can expect
> from Sun (false documentation, missing features) we will not be using
> Java.
>
> I look forward to your speedy reply which will tell me what I am doing
> wrong, or am missing.
>
> Thank you.
> - Jody
>