Please Review: required security algorithms for Java SE 7 implementations

Tomas Gustavsson tomasg at
Thu Dec 16 06:40:51 PST 2010

I don't see any ECC algorithms. These are in wide use today to say the 
least. And will be so even more tomorrow (i.e. when Java SE 7 is out you 
can not live without it).


On 12/15/2010 04:11 PM, Sean Mullan wrote:
> Hello,
> Currently, the Java security APIs do not specify algorithm requirements
> for implementations of Java SE. This makes it difficult to develop
> conformance tests. Additionally, there is no guarantee that Java
> applications using these algorithms can inter-operate. See bug 5001004
> for more information:
> We will be addressing this issue in Java SE 7 by defining a list of
> required algorithms that all implementations must support. This is the
> criteria we used to decide if an algorithm should be required:
> a) the algorithm is required by the JRE itself (ex: when validating
> signed jars)
> b) the algorithm is required by a higher level Java SE API such as
> JSSE/TLS or XML Signature
> c) the algorithm is in wide use
> Please review the following list:
> For each required algorithm, a corresponding section will be added to
> the API class summary of the applicable engine class. For example, for
>, the following paragraph will be
> added:
> Every implementation of the Java platform is required to support the
> following standard CertificateFactory type:
> * X.509
> This type is described in the CertificateFactory section of the Java
> Cryptography Architecture Standard Algorithm Names Document. Consult
> the release documentation for your implementation to see if any other
> types are supported.
> We are requesting feedback or any questions by December 22.
> Thanks,
> Sean

More information about the security-dev mailing list