Re: Help and input needed
From: Casey Marshall
Subject: Re: Help and input needed
Date: Tue, 16 Dec 2003 15:06:03 -0800
User-agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.2 (gnu/linux)

>>>>> "Mark" == Mark Wielaard <address@hidden> writes:
Mark> [...]
Mark> As you can see very little coding, reviewing or even testing of
Mark> code :( My new year resolution will be: Less talking, More
Mark> coding!

There's a few things relating to the security/crypto bits of Classpath
and friends that I'd like to mention, and get opinions on:

  - Jessie looks like it will become a GNU package someday, but there
    is still some question of where it should go. Suggestions include

      * Classpathx, but Nic has indicated that he thinks Classpathx
        would be better off in Classpath proper.
      * Classpath, possibly as an optional/sub-project.
      * On its own, all by its lonesome.

    Above all I'd like to see this project keep some level of
    independence from Classpath, so it can evolve at its own pace.

  - I've been extending the X.509 classes I put into Classpath a while
    ago to complete the PKI platform with things such as
    CertPathValidator implementations, and have started implementing
    NIST's giant PKI test suite [1] around Mauve. There is a *totally*
    unofficial tarball of this at [2] (the username is "pki" and the
    password "gnupki" -- I don't want Joe Searchengine downloading
    this quite yet). I currently have 73 tests (out of hundreds)
    implemented, and they all pass.

    The questions here are similar to those for Jessie: where should
    this go?

    The PKIX standard is giant and complicated. Anyone with copious
    spare time (...) is welcome to help.

  - Classpath, Jessie, and the GNU PKI packages all have their own
    copies of some simple ASN.1 DER codec classes. This isn't good.
    Some sort of grand unified ASN.1 library would be nice to have.

  - KeyStores. We have a brand-new keyring format in GNU Crypto, and
    attached is a minimal read-only version for public keyrings.

  - Policy files. I have been working on and off on an implementation
    of java.security.Policy that reads JDK-style policy files. I've
    attached my current version.

  - javax.crypto and javax.net.ssl should go into Classpath, in my
    opinion.

  - My own list for future additions includes

      * Kerberos and GSSAPI.
      * OpenPGP.
      * Keytool and jarsigner equivalents.

---
[1] http://csrc.nist.gov/pki/testing/x509paths.html
[2] http://metastatic.org/source/gnu-pki/

--
Casey Marshall || address@hidden

Attachments:
GnuKeyring.java (Text document)
PolicyFile.java (Text document)