The application you are installing will need access to your hard drive or to the internet, so Java Web Start wants to verify that the application really came directly from Bobbing Software, and hasn't been tampered with.

Java Web Start has no idea what Bobbing Software's security "signature" is supposed to look like, so it cannot guarantee that the signature on this application is really Bobbing Software's signature.

Without a sample of Bobbing Software's signature for comparison, it can't be sure it's a "Bobbing Software" application.

No, you're good. Java Web Start doesn't notice a similarity between the company name "Bobbing Software" and the domain name "bobbingsoftware.com". Download directly from bobbingsoftware.com, and you can be pretty sure this is an "authentic" Bobbing Software product.

Well no, but you never were. Even with a certificate, Java Web Start can only guarantee that any problems came from Bobbing Software, and weren't added later.

No. All code supports the described functionality only.

Inconceivable! (But, uh, if you've found something wrong or odd, please let us know.)

If a certificate could do that, we would get one.

A security certificate only guarantees that you have an exact copy of what was sent by the person or business who "signs" it. That provides accountability; if you encounter bugs, spyware, and viruses, you'll know who to blame.

You can accomplish the same thing by downloading directly from our site.

Yes, but it isn't easy or cheap. To keep our signature in their database for one year, Verisign wants $499.