Please Review: required security algorithms for Java SE 7 implementations

Tomas Gustavsson tomas at primekey.se
Fri Dec 17 00:05:23 PST 2010


Ah yes there is that issue of course. I fully understand the reasoning
behind that. Too bad so many out there don't consider patent encumbering
when designing systems (such as ePassport as an example).

Cheers,
Tomas

On 12/16/2010 08:05 PM, Sean Mullan wrote:
> Right, but there are ECC patents that each vendor needs to consider on
> their own. Since these are requirements that all Java SE 7
> implementations would have to support, it did not seem appropriate to
> make any ECC algorithms required or in general any algorithm that may be
> protected by patents.
> 
> --Sean
> 
> On 12/16/2010 09:40 AM, Tomas Gustavsson wrote:
>>
>> I don't see any ECC algorithms. These are in wide use today to say the
>> least. And will be so even more tomorrow (i.e. when Java SE 7 is out you
>> can not live without it).
>>
>> Regards,
>> Tomas
>>
>> On 12/15/2010 04:11 PM, Sean Mullan wrote:
>>> Hello,
>>>
>>> Currently, the Java security APIs do not specify algorithm requirements
>>> for implementations of Java SE. This makes it difficult to develop
>>> conformance tests. Additionally, there is no guarantee that Java
>>> applications using these algorithms can inter-operate. See bug 5001004
>>> for more information:
>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5001004
>>>
>>> We will be addressing this issue in Java SE 7 by defining a list of
>>> required algorithms that all implementations must support. This is the
>>> criteria we used to decide if an algorithm should be required:
>>>
>>> a) the algorithm is required by the JRE itself (ex: when validating
>>> signed jars)
>>> b) the algorithm is required by a higher level Java SE API such as
>>> JSSE/TLS or XML Signature
>>> c) the algorithm is in wide use
>>>
>>> Please review the following list:
>>> http://cr.openjdk.java.net/~mullan/5001004/review.00/StandardNames.html#impl
>>>
>>>
>>>
>>>
>>> For each required algorithm, a corresponding section will be added to
>>> the API class summary of the applicable engine class. For example, for
>>> java.security.cert.CertificateFactory, the following paragraph will be
>>> added:
>>>
>>> Every implementation of the Java platform is required to support the
>>> following standard CertificateFactory type:
>>>
>>> * X.509
>>>
>>> This type is described in the CertificateFactory section of the Java
>>> Cryptography Architecture Standard Algorithm Names Document. Consult
>>> the release documentation for your implementation to see if any other
>>> types are supported.
>>>
>>> We are requesting feedback or any questions by December 22.
>>>
>>> Thanks,
>>> Sean
>>>
>>>
>>>




More information about the security-dev mailing list