JDK-6201800 : Support OCSP/CRL in Java plugin and Java Webstart
  • Type: Enhancement
  • Component: deploy
  • Sub-Component: deployment_toolkit
  • Affected Version: 6
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows
  • CPU: x86
  • Submitted: 2004-11-30
  • Updated: 2010-04-04
  • Resolved: 2005-05-25
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
6 b38Fixed
Java plugin and Java webstart should support CRL (Certificate Revocation Lists) and OCSP (Online Certificate Status Protocol) for verifing the certificate, otherwise there will be some security risk in Java deployment area.

OCSP overcomes the chief limitation of CRL: the fact that updates must be frequently dowloaded to keep the list current at the client end. When a user attempts to access a server, OCSP sends a request for certificate status information. The server sends back a response of "current", "expired," or "unknown." The protocol specifies the syntax for communication between the server (which contains the certificate status) and the client application (which is informed of that status). OCSP allows users with expired certificates a grace period, so they can access servers for a limited time before renewing.

EVALUATION The changes has been putback to B38 release. ###@###.### 2005-05-09 16:13:46 GMT