[theora-dev] A thank you and question about the cortado jar

Denver Gingerich denver at ossguy.com
Sun Jul 12 13:47:07 PDT 2009

On Sun, Jul 12, 2009 at 4:27 PM, Timothy B. Terriberry<tterribe at xiph.org> wrote:
> Michael A. Peters wrote:
>> Is what I'm doing kosher?
> Yes, we put it there for exactly this purpose.
> However, there's currently a minor technical problem, which is that
> Java's security model only allows an applet to open URLs from the same
> domain the applet is hosted on, unless the applet is signed. We've
> self-signed it, but this still requires the user to manually authorize
> the connection. Supposedly one can get around this by getting the applet
> signed with an appropriate certificate (e.g., one already trusted by the
> browser), but we've been unable to come up with a way to test that this
> actually works in a reasonable set of JVMs (e.g., Microsoft's) without
> sinking the $400 or whatever it costs to buy the certificate up front
> (if someone out there has ideas on this subject, please let us know).

I believe that a "personal email certificate" from Thawte Freemail
will do the trick.  You can find out more by searching for "Freemail"
in the following link (thanks to Stephen Paul Weber at
http://singpolyma.net/ for finding it):


I haven't tested this myself, but I believe it will do what you want.
I'm very interested in seeing Cortado succeed for this use case
because it will make it much easier for a web site owner to provide
Theora/Vorbis content that a large percentage of web users can view
(along with something like mv_embed).

I believe that a Thawte Freemail certificate will also work for
signing ActiveX controls, such as the VLC ActiveX control.  This would
allow us to support virtually all web users since all OS X users have
a Java VM (IIRC) and those IE users without a JVM will have ActiveX.
We could strip out all non-Theora codecs from VLC to make the VLC
ActiveX control easier to legally distribute.


More information about the theora-dev mailing list