dev@glassfish.java.net

Re: Proposal for adding JKS support for GlassFish v2 EE

From: Lloyd L Chambers <Lloyd.Chambers_at_Sun.COM>
Date: Thu, 24 Aug 2006 17:49:22 -0700

This is a terrific idea, and long overdue.

NSS offers little of value for developers, and is quite *inappropriate* for
GlassFish.

And it's not even clear that NSS performance is superior at this
point in time.

Lloyd Chambers

On Aug 16, 2006, at 12:36 PM, Shing Wai Chan wrote:

> In the current GlassFish v2 EE (which is the cluster mode that is
> available starting with build b12), NSS is used as storage for
> certificates and private keys. NSS is a native library that is not
> available on all platforms. This limits our reach to other
> platforms like Mac. Our goal is to move away from the native library
> but still provide the same functionality. We propose to switch to
> JKS (supported by JDK) in GlassFish EE v2. We will support both NSS
> and JKS but JKS would be the default option. NSS would not be
> bundled by default and for the NSS option to work, some manual steps
> will be required. This enables us to reach a wider range of users
> and also simplifies dependencies.
> The following is the list of proposed changes (at high level):
> - admin CLI will need to provide an option to indicate whether we
>   should use NSS or JKS as certificate storage for domain creation.
>   By default, a domain with JKS will be created.
>   The selection is made only at domain creation time. Once a domain
>   is created, we will not support changing the certificate storage type.
> - synchronization may need to be updated for this change
> - security runtime will initialize NSS or JKS accordingly
>
> Please let me know if you have comments/suggestions/concerns.
>
> Regards,
> Shing Wai Chan