Duplicate :
|
A DESCRIPTION OF THE REQUEST : If the Verisign timestamping certificate at:- https://knowledge.verisign.com/resources/sites/VERISIGN/content/live/SOLUTION/9000/SO9699/en_US/TimestampCA.cer was added to cacerts in the JRE then timestamping of applets would be possible using the jarsigner option -tsa https://timestamp.geotrust.com/tsa which is also from Verisign (they own Geotrust). This certificate is already included with Firefox so why not in the JRE too? JUSTIFICATION : Timestamping proves the date of the jar signing and can allow jar expiry to be extended beyond the signing cert expiry date. In one test with a one year signing cert the jar expiry was extended to around 9 years. This means the users do not get bothered with untrusted security alerts after only one year. In a nutshell - less hassle for users.