Trusted code-signing certificate lists

M. Gallant 03/28/2001

When signed Java applets are executed within browsers, the security infrastructure dictates that the end user should be prompted with sufficient information to make an informed decision as to whether the code should be allowed to run. This decision is typically based on knowledge of the web site hosting the signed applet or, for less well-known sites, knowledge of the integrity of the entity responsible for developing and signing the code (which could typically be two different developers!). Once this initial security decision is made, most end users don't wish to be inconvenienced with repeating the same decision for the same code signer. Therefore, most signed-applet web-browser security interfaces provide the capability, within the initial security dialog, to make the decision "stick". This amounts to saving a secure list of the public certificates corresponding to the "trusted signers".

Netscape, Internet Explorer and Sun (via JavaPlugin) offer this "sticky security" functionality, but with different dialogs. The information below shows two screenshots for each vendor: a screenshot of the Java security dialog presented to end users for the signed code, and a screenshot of the location where the trusted certificates are stored and from which they can easily be removed manually. By default, there are no trusted certificates in the list for any of the vendors. These lists should not be confused with the lists of trusted root CA certificates, local keystore file lists, etc. The examples below correspond to the views after one trusted certificate has been added to the list for each vendor:

JavaPlugin 1.3.0+ ("Grant always" button)

Microsoft IE: native JVM ("Always trust content from ......." checkbox)

Netscape: native JVM ("Remember this decision" checkbox)