From briefkasten at uebber.de Tue Dec 4 13:21:17 2007 From: briefkasten at uebber.de (Christian Uebber) Date: Tue, 4 Dec 2007 22:21:17 +0100 Subject: [security-dev 00027]: Re: DTLS implementation In-Reply-To: <474F6A8F.1050906@sun.com> References: <474F6A8F.1050906@sun.com> Message-ID: <27A1DEF1-0C1E-4AA9-A6A9-C7F2BF4E7DBA@uebber.de> Hello Andreas, I appreciate your offers, thank you. Meanwhile I have got this project accepted as my thesis by the Chair for Computer Networks and Internet at the University of Tuebingen. My academic advisor is Mr. Ali Fessi. On the weekend I went through the javax.net.ssl and sun.security.ssl classes and was pleasantly surprised to find such an exceptional quality. Spread out over numerous classes I've found excellent separation of concerns and extensive documentation. It's going to be fun to work with and I'll work hard to hold up this standard. There probably won't be many questions about the JSSE part from my side. For any deeper architectural and 'political' issues regarding the JDK I'll not hesitate to ask you first. Comments on my code are also always welcome. Give me 2-3 weeks for the first exemplary pieces of code. I don't want to waste your time with half-cooked stuff. Christian Am 30.11.2007 um 02:42 schrieb Andreas Sterbenz: > Christian Uebber wrote: >> Is anybody already working on this for Java DatagramSockets? I'd be >> interested in doing the work. Integration into and reuse of the >> existing JSSE code would also be my preferred way to go. > > That sounds like a great idea. We at Sun don't have any current > plans to implement DTLS due to a lack of resources, but we could > assist by answering questions about JSSE or commenting on your code. > There are also some architectural issues about fitting a secure > datagram transport into the current Networking APIs that we may want > to discuss. > > BTW, you may want to look into signing the contributor agreement: http://openjdk.java.net/contribute/ > > Andreas. > > From zedzhao at gmail.com Tue Dec 18 07:49:35 2007 From: zedzhao at gmail.com (zedzhao) Date: Tue, 18 Dec 2007 23:49:35 +0800 Subject: [security-dev 00028]: (no subject) Message-ID: <200712182349242818158@gmail.com> Hello?? I have subscibe to the security-dev mail list,but I don't kown what should I do. Could you give me some direction. Thanks. 2007-12-18 zedzhao -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.openjdk.java.net/pipermail/security-dev/attachments/20071218/e2c5cc36/attachment.html From Sean.Mullan at Sun.COM Tue Dec 18 12:37:05 2007 From: Sean.Mullan at Sun.COM (Sean Mullan) Date: Tue, 18 Dec 2007 15:37:05 -0500 Subject: [security-dev 00029]: Re: (no subject) In-Reply-To: <200712182349242818158@gmail.com> References: <200712182349242818158@gmail.com> Message-ID: <47682F71.1020407@sun.com> We will be using this mailing list to discuss topics related to the design and implementation of the security component of the OpenJDK. So, there is nothing that you specifically need to do to participate in (or start) a discussion, other than subscribe to the alias. Can you be more specific? --Sean zedzhao wrote: > Hello?? > I have subscibe to the security-dev mail list,but I don't kown what > should I do. > Could you give me some direction. > Thanks. > > 2007-12-18 > ------------------------------------------------------------------------ > zedzhao From Weijun.Wang at Sun.COM Mon Dec 24 03:14:27 2007 From: Weijun.Wang at Sun.COM (Max (Weijun) Wang) Date: Mon, 24 Dec 2007 19:14:27 +0800 Subject: [security-dev 00030]: Code review request: 6634644 broken fragment, should use @link Message-ID: Hi Sean There's a bug on spec inside javax.security.cert.X509Certificate -----START BUG REPORT----- 6634644 broken fragment, should use @link Broken fragment in api doc, following lines in javax/security/cert/ X509Certificate.java should be fixed. line 366: *

See getIssuerDN for Name broken fragment #getIssuerDN should use {@link #getIssuerDN getIssuerDN} similar for following: line 396: * the certificate. See getNotBefore line 432: *

See getSigAlgName for line 445: *

See getSigAlgName for -----END BUG REPORT----- The package is now obsolete. However, since the API is still externally exported, I suggest fixing it. Here's the patch: --- a/src/share/classes/javax/security/cert/X509Certificate.java Wed Dec 19 13:42:51 2007 +0800 +++ b/src/share/classes/javax/security/cert/X509Certificate.java Mon Dec 24 18:59:54 2007 +0800 @@ -363,7 +363,7 @@ public abstract class X509Certificate ex * subject Name * * - *

See getIssuerDN for Name + *

See {@link #getIssuerDN() getIssuerDN} for Name * and other relevant definitions. * * @return a Principal whose name is the subject name. @@ -393,7 +393,7 @@ public abstract class X509Certificate ex /** * Gets the notAfter date from the validity period of - * the certificate. See getNotBefore + * the certificate. See {@link #getNotBefore() getNotBefore} * for relevant ASN.1 definitions. * * @return the end date of the validity period. @@ -429,7 +429,7 @@ public abstract class X509Certificate ex * For example, the string "1.2.840.10040.4.3" identifies the SHA-1 * with DSA signature algorithm, as per the PKIX part I. * - *

See getSigAlgName for + *

See {@link #getSigAlgName() getSigAlgName} for * relevant ASN.1 definitions. * * @return the signature algorithm OID string. @@ -442,7 +442,7 @@ public abstract class X509Certificate ex * algorithm parameters are null; the parameters are usually * supplied with the certificate's public key. * - *

See getSigAlgName for + *

See {@link #getSigAlgName() getSigAlgName} for * relevant ASN.1 definitions. * * @return the DER-encoded signature algorithm parameters, or Can you take a code review please? Thanks Max ps. I find it ultra inconvenient to ask for a code review while the bug db and code repo is still not in the open, but will give it a try for this tiny bug.