RFR 8072394: java.security.cert.PolicyQualifierInfo needs value-based equality
Sean Mullan
sean.mullan at oracle.com
Thu Apr 23 12:19:33 UTC 2015
On 04/06/2015 04:18 PM, Florian Weimer wrote:
> On 03/04/2015 06:47 PM, Sean Mullan wrote:
>
>> I can take care of filing an internal CCC and will let you know when
>> that is approved or if there are any questions.
>
> This new webrev incorporates feedback from the CCC:
>
> <http://cr.openjdk.java.net/~fweimer/8072394/webrev.03/>
>
> This needs additional tests, but I want to check first if the direction
> is okay.
This looks ok to me. Can you give the test a more descriptive name w/o
the bugid in the name?
--Sean
>
> The PolicyQualifierInfoSet class is needed because there is no existing
> LinkedTreeSet class. I do not want to continue to use LinkedHashSet
> because of the denial of service risk from hash collisions (this was not
> a problem before because the hash was identity-based), and the cost of
> computing hash codes even for single-element sets.
>
More information about the security-dev
mailing list