Please Review: required security algorithms for Java SE 7 implementations

Sean Mullan sean.mullan at oracle.com
Thu Dec 16 11:05:27 PST 2010


Right, but there are ECC patents that each vendor needs to consider on 
their own. Since these are requirements that all Java SE 7 
implementations would have to support, it did not seem appropriate to 
make any ECC algorithms required or in general any algorithm that may be 
protected by patents.

--Sean

On 12/16/2010 09:40 AM, Tomas Gustavsson wrote:
>
> I don't see any ECC algorithms. These are in wide use today to say the
> least. And will be so even more tomorrow (i.e. when Java SE 7 is out you
> can not live without it).
>
> Regards,
> Tomas
>
> On 12/15/2010 04:11 PM, Sean Mullan wrote:
>> Hello,
>>
>> Currently, the Java security APIs do not specify algorithm requirements
>> for implementations of Java SE. This makes it difficult to develop
>> conformance tests. Additionally, there is no guarantee that Java
>> applications using these algorithms can inter-operate. See bug 5001004
>> for more information:
>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5001004
>>
>> We will be addressing this issue in Java SE 7 by defining a list of
>> required algorithms that all implementations must support. This is the
>> criteria we used to decide if an algorithm should be required:
>>
>> a) the algorithm is required by the JRE itself (ex: when validating
>> signed jars)
>> b) the algorithm is required by a higher level Java SE API such as
>> JSSE/TLS or XML Signature
>> c) the algorithm is in wide use
>>
>> Please review the following list:
>> http://cr.openjdk.java.net/~mullan/5001004/review.00/StandardNames.html#impl
>>
>>
>>
>> For each required algorithm, a corresponding section will be added to
>> the API class summary of the applicable engine class. For example, for
>> java.security.cert.CertificateFactory, the following paragraph will be
>> added:
>>
>> Every implementation of the Java platform is required to support the
>> following standard CertificateFactory type:
>>
>> * X.509
>>
>> This type is described in the CertificateFactory section of the Java
>> Cryptography Architecture Standard Algorithm Names Document. Consult
>> the release documentation for your implementation to see if any other
>> types are supported.
>>
>> We are requesting feedback or any questions by December 22.
>>
>> Thanks,
>> Sean
>>
>>
>>




More information about the security-dev mailing list