* Charles Fry: > Well, I may not entirely understand your question, but here is my > understanding of the situation, as supported by the document How to > Implement a Provider for the JavaTM Cryptography Extension[1].
Unfortunately, this document doesn't explain why the certificate is needed. > In order to be trusted, the security provider must be signed with a > key that was certified by the JCE Code Signing Certification > Authority (see Step 5 of the document above). So why can't we ship trusted root certificates for a Debian Code Signing Certification Authority, or trust everything which is present in the file system? I have the strong suspicion that this certificate just asserts that you have signed the CSR form and promised to comply with U.S. export regulations, and nothing else. Maybe this was the result of a deal between BXA/BIS and Sun which permitted Sun to export their implementation. We don't need to follow such a procedure because Debian has different means to comply with the regulations, and we do not distribute Sun's implementation, AFAIK. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]