[11u] RFR: 8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR

Lindenmaier, Goetz goetz.lindenmaier at sap.com
Tue Jun 9 10:33:31 UTC 2020


Hi Andrew, 

Thanks for the review!
> My God, what a mess elliptic-curve cryptography can be
... Keeps up the work for the maintainers :/

Best regards,
  Goetz.


> -----Original Message-----
> From: Andrew Haley <aph at redhat.com>
> Sent: Wednesday, June 3, 2020 10:30 AM
> To: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>; jdk-updates-dev at openjdk.java.net
> Subject: Re: [11u] RFR: 8233228: Disable weak named curves by default in TLS,
> CertPath, and Signed JAR
> 
> On 02/06/2020 16:59, Lindenmaier, Goetz wrote:
> > http://cr.openjdk.java.net/~goetz/wr20/8233228-disable_weak_curves-jdk11/01/
> >
> > Please review.
> 
> Looks good.
> 
> My God, what a mess elliptic-curve cryptography can be when used in
> the real world! [1]  It makes me yearn for the good old simplicity of
> RSA, and reminds us all how easy it is to be tempted by the call of
> "efficient" public-key cryptography.
> 
> [1] http://safecurves.cr.yp.to/
> 
> --
> Andrew Haley  (he/him)
> Java Platform Lead Engineer
> Red Hat UK Ltd. <https://www.redhat.com>
> https://keybase.io/andrewhaley
> EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671


