United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6201800 Support OCSP/CRL in Java plugin and Java Webstart
JDK-6201800 : Support OCSP/CRL in Java plugin and Java Webstart

Details
Type:
Enhancement
Submit Date:
2004-11-30
Status:
Resolved
Updated Date:
2010-04-04
Project Name:
JDK
Resolved Date:
2005-05-25
Component:
deploy
OS:
windows
Sub-Component:
deployment_toolkit
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
6
Fixed Versions:

Related Reports

Sub Tasks

Description
Java plugin and Java webstart should support CRL (Certificate Revocation Lists) and OCSP (Online Certificate Status Protocol) for verifing the certificate, otherwise there will be some security risk in Java deployment area.

OCSP overcomes the chief limitation of CRL: the fact that updates must be frequently dowloaded to keep the list current at the client end. When a user attempts to access a server, OCSP sends a request for certificate status information. The server sends back a response of "current", "expired," or "unknown." The protocol specifies the syntax for communication between the server (which contains the certificate status) and the client application (which is informed of that status). OCSP allows users with expired certificates a grace period, so they can access servers for a limited time before renewing.




                                    

Comments
EVALUATION

The changes has been putback to B38 release.
###@###.### 2005-05-09 16:13:46 GMT
                                     
2005-05-09



Hardware and Software, Engineered to Work Together