[9] RFR: 8059916: Change default criticality of policy mappings and policy constraints certificate extensions

Sean Mullan sean.mullan at oracle.com
Tue Jan 13 22:06:32 UTC 2015


Looks good.

--Sean

On 01/13/2015 01:48 PM, Jason Uh wrote:
> Thanks, Sean. Could you also look at one more change I've added?
>
> http://cr.openjdk.java.net/~juh/8059916/02/
>
> Line 103 of PolicyMappingsExtension.java:
> -        extensionId = PKIXExtensions.KeyUsage_Id;
> -        critical = false;
> +        extensionId = PKIXExtensions.PolicyMappings_Id;
> +        critical = true;
>
> (Good catch, Jamil.)
>
> Jason
>
> On 1/13/15 4:55 AM, Sean Mullan wrote:
>> Looks good to me.
>>
>> --Sean
>>
>> On 01/12/2015 06:56 PM, Jason Uh wrote:
>>> Please review this change, which changes the default criticality of the
>>> policy mappings and policy constraints certificate extensions. This
>>> change makes both extensions critical by default, per RFC 5280.
>>>
>>> webrev: http://cr.openjdk.java.net/~juh/8059916/01/webrev
>>> bug: https://bugs.openjdk.java.net/browse/JDK-8059916
>>>
>>> Thanks,
>>> Jason
>


More information about the security-dev mailing list