[security-dev 00889]: Re: code review request 6570344 Invalid RSA OID in sun.security.x509.AlgorithmId
Sean Mullan
Sean.Mullan at Sun.COM
Wed Jun 10 13:05:30 UTC 2009
The fix looks fine to me.
--Sean
Xuelei Fan wrote:
> Hi,
>
> The RSA OID from sun.security.x509.AlgorithmId is 1.2.5.8.1.1. However
> no such OID seems to exist. The correct one should be 2.5.8.1.1.
>
> ITU-T X.509 defined RSA encryption algorithm as:
> id-ea-rsa = {joint-iso-itu-t(2) ds(5) algorithm(8)
> encryptionAlgorithm(1) rsa(1)}
> rsa ALGORITHM ::= {
> KeySize
> IDENTIFIED BY id-ea-rsa
> }
>
> However, the industry does not use the above specification, a serial of
> definitions of PKCS#1 are adopted instead (the PKIX WG of IETF adopts
> the PKCS#1 definitions). I think that is also why we did not get issue
> report on parsing a certificate with such a OID. BTW there is a defect
> report to deprecate the above definition. [1]
>
> Anyway, I think we need to correct "1.2.5.8.1.1" to "2.5.8.1.1" even no
> practical certificate issues reported by now.
>
> Webrev: http://cr.openjdk.java.net/~xuelei/6570344/webrev.00/
> Bug description: http://cr.openjdk.java.net/~xuelei/6570344/webrev.00/
>
> [1]:
> http://www.oid-info.com/cgi-bin/display?oid=2.5.8.1.1&submit=Display&action=display
>
>
>
> Thanks,
> Xuelei
More information about the security-dev
mailing list