From: "Tom Williams" <tom.williams@diversifiedsoftware.com>
To: java-security@java.sun.com
Date: Mon, 16 Aug 1999 19:07:15 -0700
Subject: Netscape Object signing certificates and the Java 1.2.2 plug-in
Hi! I just bought a Netscape Object Signing certificate from Verisign and
after I tried it out I found the messages about the security hole that was
found in 1.2.2RC1 and how IE's CA store should be used instead of
Netscape's to circumvent the problem. I have three questions:
1) Where is IE's CA store and how do I "import/load" it into Netscape? I'm
using Netscpe 4.61 and Internet Explorer 4.0 on Windows 98 with the Java
1.2.2 FCS plug-in
2) Will the Java plug-in security online documentation be updated to
caution users about which third-party certificates to use?
3) If I must do this on my own browser to run my signed applet, does that
mean that every browser I send the applet out to will/might have this same
problem?
Thanks in advance for your time and assistance!
Peace....
Tom Williams
tom.williams@diversifiedsoftware.com