[security-dev 01125]: Re: 6840752: Provide out-of-the-box support for ECC algorithms

[Vincent Ryan]

Hello Andrew,

Our original intention was to provide a Java implementation of ECC.

However due to software patents already granted for ECC we were
constrained in what we could reasonably resource and openly discuss.

In the end we opted to reuse the NSS code from OpenSolaris (which was
originally developed at Sun Labs and donated to OpenSSL and NSS).

Although, on many non-Windows platforms, this does result in an existing
system library being replicated in the JDK perhaps that issue can be
solved in future by making use of modules.



Andrew John Hughes wrote:
> With this changeset:
> 
> http://hg.openjdk.java.net/jdk7/jdk7/jdk/rev/1ff7163fc5f7
> 
> the new ECC was added to OpenJDK.  When I first read about this, I'd
> assumed we were getting a Java-based implementation.  The final
> changeset seem to just be an inclusion of the NSS code into the
> OpenJDK codebase, which adds yet another case where a system library
> is replicated internally (the others being libjpeg, libpng, zlib, lcms
> and probably others I've missed).
> 
> Is this correct? Were there local modifications to this code as well?
> 
> As seems to be common practice with OpenJDK, this changeset just
> appeared with very little, if any, public discussion.