JEP Review Request: SHA-3 Hash Algorithm
Valerie Peng
valerie.peng at oracle.com
Mon Feb 29 20:44:14 UTC 2016
Thanks for the comments, there are only < 3 months left for this to be
implemented.
Besides just assigning the mech numbers, we need the underlying PKCS11
library (Solaris or NSS) to support SHA-3.
Once we have that, enhancing SunPKCS11 provider is fairly trivial and
can be done via an RFE.
I think it makes more sense to not include PKCS11 into this JEP unless
SHA-3 is already supported by the underlying PKCS11 library.
It's not like we won't support SHA-3 in SunPKCS11 provider ever, it's
just done at a later time, may be very soon but that depends on how fast
SHA-3 support will be added to the native PKCS11 library.
Regards,
Valerie
On 2/23/2016 3:57 PM, Michael StJohns wrote:
> On 2/17/2016 7:49 PM, Valerie Peng wrote:
>> Please review this drafted JEP for adding SHA-3 Hash Algorithm
>> support to JDK 9:
>>
>> https://bugs.openjdk.java.net/browse/JDK-8064399
>>
>> Thanks,
>> Valerie
>
> This looks pretty good. However, I wouldn't throw PKCS11 to the side
> of the road.
>
> https://wiki.oasis-open.org/pkcs11/Meetingminutes/Minutes13012016
> suggests that PKCS11 will have the mechanism numbers probably before
> you get this approved and implemented. If you ask, they may be
> willing to assign the mechanism numbers prior to the release of the
> document, and that's really all that's necessary.
>
> Mike
>
More information about the security-dev
mailing list