GOMEZ Henri wrote:
>>Is the "Connector-over-SLL" issue even addressed by the spec? If the 
>>front-end web server is handling all of the authentication, then isn't 
>>securing the connectors simply securing the communication channel, 
>>having nothing to do with authentication?
>>
> 
> I doubt the connector case (web-server to tomcat) was ever 
> discussed in the spec :)

No, I doubt it, which is why I fully support you guys just passing off the 
client cert itself =)

> 
>>I could be wrong, I'm just asking. If the Tomcat container 
>>itself is not 
>>involved in the authentication process, one would not expect that a 
>>webapp has access to the client cert anyway. Is that right?
>>
> 
> Since the WebServer (at least apache+mod_ssl) can already handle
> the strong authentication (requires + level of chain to check),
> couldn't we just have in ajp13 the client cert, which will allow
> developers to extract the needed information from the client cert, knowing 
> that the authentication is done elsewhere...

Precisely, IMHO.

> Any serious site will have a dedicated web-server handling the
> SSL workload (in native code).
>
> Best choice is Apache/SSL or Apache-mod_ssl with openssl,

Hey! Those are fighting words! I'm the world's biggest proponent of just 
running Tomcat for everything ;-)

> all being 100% OpenSource :)

Okay, good point. I'll grant you that :)

> PS: Will Sun ever open-source JSSE? Could someone here
>     do some lobbying?

Amen to that, brother. Closed crypto is bad, even when I trust the guys 
who implemented it :)

>     It could be a project donated to jakarta or maybe 
>     the solution could come from Cryptix :)

We'd love to have the JSSE donated to us over in Cryptix. As it is, we 
have to supply a cleanroom from scratch :(

Or at least we did until we got our signing key on last week :) :) :)

Now it's not so much a necessity as a matter of whether or not we want 
to maintain a cleanroom OSS JSSE as well as the provider. A few of the 
developers are fervent supporters of having one, so I would imagine that 
we will continue it.

- Christopher

/**
  * Weep, weep, my eyes, and melt into water!
  * Half of my life has laid the other in the tomb.
  *    ---Corneille
  */
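As an added example, not code from this thread or from Tomcat: a servlet filter that consumes the client certificate on the Tomcat side once the web server has done the SSL handshake and chain check, assuming the connector forwards the chain under the standard Servlet attribute (for Apache+mod_ssl, `SSLOptions +ExportCertData` is the assumed front-end setting). Absence of a forwarded certificate is treated as "not authenticated by the front-end", and only the identity is read from it here.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class ClientCertFilter implements Filter {
    // Standard Servlet attribute under which the container exposes the
    // forwarded client certificate chain (leaf first).
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Hypothetical attribute name used to hand the identity to the webapp.
    static final String SUBJECT_ATTR = "example.client.subject";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse resp = (HttpServletResponse) res;
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (certs == null || certs.length == 0) {
            // Nothing forwarded: the front-end did not authenticate this client,
            // so the webapp must not treat the request as authenticated.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
            return;
        }
        X509Certificate leaf = certs[0];
        try {
            // Cheap local sanity check; chain building and signature
            // verification already happened in the web server.
            leaf.checkValidity(new Date());
        } catch (CertificateException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate not valid");
            return;
        }
        // Expose only what the application needs: the subject DN.
        req.setAttribute(SUBJECT_ATTR, leaf.getSubjectX500Principal().getName());
        chain.doFilter(req, res);
    }
}
```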
