Incorrect Documentation

Jody Larsen (jody@maxweb.com)
Tue, 20 Jul 1999 19:40:36 -0400

Date: Tue, 20 Jul 1999 19:40:36 -0400
From: Jody Larsen <jody@maxweb.com>
To: java-security@java.sun.com
Subject: Incorrect Documentation

I have followed to a tee the instructions found at
http://java.sun.com/security/hypermail/java-security-archive-4/0352.html

and have virtually concluded that the assertion that JDK 1.2.2 supported
RSA signed applets is utter an complete vaporware. At least Microsoft
has the decency to say that their products have not yet been released.

According to the message at:
http://java.sun.com/security/hypermail/java-security-archive-4/0352.html

it is possible to use netscapes signing tools to sign and applet, and
then using the Java Plugin 1.2.2 aka Activator, view said applet in a
browser and expect to have a window pop up requesting permissions.

I have:
Installed Netscape Certificate Server 1.01, created a new CA called
MaxWeb, LLC CA, created a self-signed CA certificate.
Requested and generated a personal certificate with object signing
rights and installed it in my Netscape 4.61 browser.
Downloaded and installed Netscape's signtool and used it to
successfully sign and pack my class files into a jar file.
Used Netscapes signtool to verify that said jar was in fact signed.
It was.
Uploaded the signed jar to a web site.
Accessed the web site using Netscape 4.61 with the Java Plugin 1.2.2
installed.
And: NO SECURITY PERMISSIONS WINDOW POPS UP AS DOCUMENTED.

Are you documentation writers on CRACK? Or have they left something out
of the documentation.

I have spent several days on this, and am certain I am following the
scanty documentation available on the subject. I have read hundreds of
messages in the java security hypermail archive and see many many other
people experiencing similar problems. AND NO USEFUL ANSWERS
WHATSOEVER. Most refer to the fact that you do not control Netscape or
Microsoft. This I understand, but I am using your software Java Plugin,
not theirs, and I expect decent support on this subject from you.

We are currently embarking on the very early stages of several
development projects. If this is the types of problems we can expect
from Sun (false documentation, missing features) we will not be using
Java.

I look forward to your speedy reply which will tell me what I am doing
wrong, or am missing.

Thank you.
- Jody