[11u] RFR: 8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
Andrew Haley
aph at redhat.com
Wed Jun 3 08:29:46 UTC 2020
On 02/06/2020 16:59, Lindenmaier, Goetz wrote:
> http://cr.openjdk.java.net/~goetz/wr20/8233228-disable_weak_curves-jdk11/01/
>
> Please review.
Looks good.
My God, what a mess elliptic-curve cryptography can be when used in
the real world! [1] It makes me yearn for the good old simplicity of
RSA, and reminds us all how easy it is to be tempted by the call of
"efficient" public-key cryptography.
[1] http://safecurves.cr.yp.to/
--
Andrew Haley (he/him)
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
https://keybase.io/andrewhaley
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671