Condensed Authentication bundle #1742
Conversation
|
@laeubi Pleasantly surprised, so few issues this go around. lol... |
rofl lmao Beside that, this is just a quick review if things that need to be done before more in deep review... IMHO! |
|
@laeubi I could expect nothing less. Everyone wants to be secure, but no one wants security! |
|
FYI, when @HannesWell and I last talked with @JavaJoeS we strongly recommended that he get in contact with you because we don't know anyone who is qualified to review these low-level, security-related issues and I don't think we non-experts can move forward on technology where we do not understand fully the risks... |
|
@sratz Please contact me. Im in the process of doing updates as directed on this PR. |
|
I am not a security expert so do not consider myself qualified to review this code. Besides the security aspects it's
I also fail to understand what concrete problem this is going to solve. My point of contact with this kind of certificate handling is many because of
i.e., to ensure that the basic functionality of installing/updating software / talking to outside world in general works well also in weird corporate environments. I don't think this kind of complicated PCKS code belongs in the base platform as I believe it to be out of scope for an RCP platform. Also, my personal experience is that the world is rather moving away from these kind of PKCS-based client/server authentication towards standards such as OAuth / OpenID Connect. |
…vaJoeS/eclipse.platform.git into CondensedAuthenticationBranch
This security package contains functionality to allow for Client and/or Server Authentication using PKCS11 or PKCS12 keystores and JKS Truststores.