RFR 8177291: [doc] weak algorithms and crypto policy in JGSS docs
Sean Mullan
sean.mullan at oracle.com
Mon Apr 3 13:35:24 UTC 2017
Hi Max,
Just a few comments:
"The default jurisdiction policy files bundled in Java SE is now
unlimited, which means the AES-256 encryption type is available by default."
s/is/are/
"The DES based encryption types (including des-cbc-md5 and des-cbc-crc)
are disabled by default."
Was this in the 8.0 release? If not, we probably should not list it here
because this is for features in the major releases.
"In "Goal of this exercise", remove "and DES", "DES-CBC-MD5" and
"DES-CBC-CRC".
I can't find this sentence in the doc. Also, these algorithms are still
supported, just not enabled by default, so we should list them in the
supported section.
"At the end of this section, add "Note: DES based encryption types are
disabed by default."
s/disabed/disabled/
"First, you need to update to use the KDC that supports the required
Kerberos encryption types, such as latest Solaris or the MIT Kerberos
from MIT distribution. If you are using Active Directory on a Windows
platform, the latest version also supports RC4-HMAC and AES encryption
types."
s/to use the KDC/the KDC/
s/such as latest Solaris or the MIT Kerberos from MIT distribution./such
as the latest version of Solaris or the latest version of Kerberos from
the MIT distribution./
--Sean
On 3/20/17 10:01 PM, Weijun Wang wrote:
> This is not exactly a code review, I'd like you to review my suggested
> changes on the JGSS guides in
>
> https://bugs.openjdk.java.net/browse/JDK-8177291
>
> If everything is OK, I can pass it to the doc writer.
>
> Thanks
> Max
More information about the security-dev
mailing list