Please Review: required security algorithms for Java SE 7 implementations

Brad Wetmore bradford.wetmore at oracle.com
Mon Jan 3 21:30:07 UTC 2011 

Sean,

I didn't check that anything else changed, but textually looks good.

One comment:  you should consider including a link to RFC 5746 like we 
do for all of the other RFCs.

If you have time, can you also add the link to the RFC where the 
TLS_EMPTY_RENEGOTIATION_INFO_SCSV is defined?

And there were a couple spots in:

 
http://cr.openjdk.java.net/~mullan/5001004/review.02/StandardNames.html#alg

that are also missing the links to the RFC.

Thanks,

Brad



On 12/28/2010 7:41 AM, Sean Mullan wrote:
> I have posted the 3rd revision of the required algorithms list at:
>
> http://cr.openjdk.java.net/~mullan/5001004/review.02/StandardNames.html#impl
>
>
> Changes since the initial (00) version are:
>
> - added MD5 and HmacMD5 to the required algorithms
> - added the CertPath Encodings PKCS7 and PkiPath to the required algorithms
> - specified that a TLSv1 implementation must also support the special
> signaling cipher suite TLS_EMPTY_RENEGOTIATION_INFO_SCSV for safe
> renegotiation (see RFC 5746)
>
> Unless there are any further substantial comments, the plan is to
> proceed with this list for JDK 7.
>
> Thanks,
> Sean
>
> On 12/15/10 10:11 AM, Sean Mullan wrote:
>> Hello,
>>
>> Currently, the Java security APIs do not specify algorithm
>> requirements for
>> implementations of Java SE. This makes it difficult to develop
>> conformance
>> tests. Additionally, there is no guarantee that Java applications
>> using these
>> algorithms can inter-operate. See bug 5001004 for more information:
>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5001004
>>
>> We will be addressing this issue in Java SE 7 by defining a list of
>> required
>> algorithms that all implementations must support. This is the criteria
>> we used
>> to decide if an algorithm should be required:
>>
>> a) the algorithm is required by the JRE itself (ex: when validating
>> signed jars)
>> b) the algorithm is required by a higher level Java SE API such as
>> JSSE/TLS or
>> XML Signature
>> c) the algorithm is in wide use
>>
>> Please review the following list:
>> http://cr.openjdk.java.net/~mullan/5001004/review.00/StandardNames.html#impl
>>
>>
>> For each required algorithm, a corresponding section will be added to
>> the API
>> class summary of the applicable engine class. For example, for
>> java.security.cert.CertificateFactory, the following paragraph will be
>> added:
>>
>> Every implementation of the Java platform is required to support the
>> following standard CertificateFactory type:
>>
>> * X.509
>>
>> This type is described in the CertificateFactory section of the Java
>> Cryptography Architecture Standard Algorithm Names Document. Consult
>> the release documentation for your implementation to see if any other
>> types are supported.
>>
>> We are requesting feedback or any questions by December 22.
>>
>> Thanks,
>> Sean
>>
>>
>>
>>

More information about the security-dev mailing list