Please Review: required security algorithms for Java SE 7 implementations
Sean Mullan
sean.mullan at oracle.com
Wed Dec 15 15:11:11 UTC 2010
Hello,
Currently, the Java security APIs do not specify algorithm requirements for
implementations of Java SE. This makes it difficult to develop conformance
tests. Additionally, there is no guarantee that Java applications using these
algorithms can inter-operate. See bug 5001004 for more information:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5001004
We will be addressing this issue in Java SE 7 by defining a list of required
algorithms that all implementations must support. This is the criteria we used
to decide if an algorithm should be required:
a) the algorithm is required by the JRE itself (ex: when validating signed jars)
b) the algorithm is required by a higher level Java SE API such as JSSE/TLS or
XML Signature
c) the algorithm is in wide use
Please review the following list:
http://cr.openjdk.java.net/~mullan/5001004/review.00/StandardNames.html#impl
For each required algorithm, a corresponding section will be added to the API
class summary of the applicable engine class. For example, for
java.security.cert.CertificateFactory, the following paragraph will be added:
Every implementation of the Java platform is required to support the
following standard CertificateFactory type:
* X.509
This type is described in the CertificateFactory section of the Java
Cryptography Architecture Standard Algorithm Names Document. Consult
the release documentation for your implementation to see if any other
types are supported.
We are requesting feedback or any questions by December 22.
Thanks,
Sean
More information about the security-dev
mailing list