Trusted code-signing certificate lists
M. Gallant 03/28/2001
When signed Java applets are executed within browsers, the security infrastructure
dictates that the end user should be prompted with sufficient information to make an
informed decision as to whether the code should be allowed to run. This decision
is typically based on knowledge of the web site hosting the signed applet or, for less
well-known sites, knowledge of the integrity of the entity responsible for developing and
signing the code (which could be two different developers!).

Once this initial security decision is made, most end users don't wish to be inconvenienced by
repeating the same decision for the same code signer. Therefore, most signed-applet
web-browser security interfaces provide the capability, within the initial security dialog,
to make the decision "stick". This amounts to saving a secure list of the public certificates
corresponding to the "trusted signers".

Netscape, Internet Explorer and Sun (via JavaPlugin) offer this "sticky security"
functionality, but with different dialogs. The information below shows two screenshots for each
vendor: a screenshot of the Java security dialog presented to end users for the signed code,
and a screenshot of the location where the trusted certificates are stored, and from which
they can easily be removed manually. By default, there are no trusted certificates
in the list for any of the vendors. These lists should not be confused with the lists of trusted
root CA certificates, local keystore file lists, etc. The examples below correspond to the views after
one trusted certificate has been added to the list for each vendor:
JavaPlugin 1.3.0+ ("Grant always" button)
Microsoft IE: native JVM ("Always trust content from ......." checkbox)
Netscape: native JVM ("Remember this decision" checkbox)