[9] RFR 8177569: keytool should not warn if signature algorithm used in cacerts is weak

Xuelei Fan xuelei.fan at oracle.com
Wed Mar 29 16:13:24 UTC 2017


I see the point that a trust anchor should be trusted.  At the application 
level, we don't actually check the weakness of a trust anchor because the user 
has made the decision to trust the cert.  However, at the keytool level, I 
think it might be nice to warn about weakness in a trust anchor too, so that 
users can be aware of the weakness and make a good decision.  Maybe a user 
doesn't want to trust a cert again if he knows there is a weakness.

What do you think?

Xuelei

On 3/29/2017 1:38 AM, Weijun Wang wrote:
> Webrev updated at
>
>   http://cr.openjdk.java.net/~weijun/8177569/webrev.01
>
> Changes since last version:
>
> - Trusted cert entries in the current keystore are also trusted. See the
> new isTrusted() method.
>
> - A cert is treated as a root CA cert only if -trustcacerts is specified.
>
> - In the current keytool documentation, -trustcacerts is only designed
> for -importcert, and it should have no effect on other commands.
> Therefore the internal trustcacerts flag is reset when the command is not
> IMPORTCERT. We might re-consider this in a future release (JDK-8177760).
>
> - Several checkWeak() calls are moved before the keyStore change so the
> check is only based on the original keystore content. This prevents a new
> cert from being treated as trusted while it is being -import'ed.
>
> - Test modifications.
>
> Thanks
> Max
>
> On 03/27/2017 09:43 AM, Weijun Wang wrote:
>> Please take a review at
>>
>>    http://cr.openjdk.java.net/~weijun/8177569/webrev.00/
>>
>> Since our implementation of CertPath validation does not check for the
>> signature algorithm of a root CA, keytool should not warn about its
>> weakness either.
>>
>> Thanks
>> Max
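The tool-level check the thread is debating, as an added example that is not code from the webrev or from the JDK: CertPathValidator never verifies a trust anchor's own signature, so the only place a weak root can be reported is the tool that reads the keystore. The program audits the trusted-certificate entries of a keystore against the jdk.certpath.disabledAlgorithms security property. The default path to the JDK's cacerts, the default password "changeit", the class name TrustAnchorWeakCheck and the simplified property parser (a stand-in for the JDK-internal sun.security.util.DisabledAlgorithmConstraints, which is not public API and whose matching is more elaborate than what is shown here) are all assumptions of this example, not keytool's actual implementation.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;

// Added example (not keytool's code): warn about weak trust anchors in a keystore.
public class TrustAnchorWeakCheck {

    /** One entry of jdk.certpath.disabledAlgorithms, e.g. "MD5", "RSA keySize < 1024". */
    static final class Rule {
        final String alg;        // normalized name: "md5", "sha1", "rsa", "ec", ...
        final int minKeySize;    // keys smaller than this are disabled; 0 if not a size rule
        final String condition;  // remaining constraint text (e.g. "jdkCA & usage TLSServer"), "" if none

        Rule(String alg, int minKeySize, String condition) {
            this.alg = alg; this.minKeySize = minKeySize; this.condition = condition;
        }
    }

    static String normalize(String alg) {
        return alg.toLowerCase(Locale.ROOT).replace("-", "");
    }

    /** Simplified parser; assumption: the real one is sun.security.util.DisabledAlgorithmConstraints. */
    static List<Rule> parseDisabledAlgorithms(String property) {
        List<Rule> rules = new ArrayList<>();
        if (property == null) return rules;
        for (String entry : property.split(",")) {
            String[] w = entry.trim().split("\\s+");
            if (w[0].isEmpty()) continue;
            int minKeySize = 0;
            StringBuilder condition = new StringBuilder();
            for (int i = 1; i < w.length; i++) {
                boolean sizeRule = w[i].equalsIgnoreCase("keySize") && i + 2 < w.length
                        && (w[i + 1].equals("<") || w[i + 1].equals("<="));
                if (sizeRule) {
                    int n = Integer.parseInt(w[i + 2]);
                    minKeySize = w[i + 1].equals("<=") ? n + 1 : n;  // "< N" and "<= N" both become a minimum
                    i += 2;
                } else {
                    if (condition.length() > 0) condition.append(' ');
                    condition.append(w[i]);   // jdkCA, usage ..., denyAfter ...: kept verbatim for the report
                }
            }
            rules.add(new Rule(normalize(w[0]), minKeySize, condition.toString()));
        }
        return rules;
    }

    /** "SHA1withRSA" -> ["sha1", "rsa"]; names without "with" (Ed25519, RSASSA-PSS) stay whole. */
    static List<String> sigAlgComponents(String sigAlgName) {
        List<String> parts = new ArrayList<>();
        String n = normalize(sigAlgName);
        int at = n.indexOf("with");
        if (at > 0) { parts.add(n.substring(0, at)); parts.add(n.substring(at + 4)); } else parts.add(n);
        return parts;
    }

    static int keySizeBits(PublicKey key) {
        if (key instanceof RSAKey) return ((RSAKey) key).getModulus().bitLength();
        if (key instanceof DSAKey) return ((DSAKey) key).getParams().getP().bitLength();
        if (key instanceof ECKey) return ((ECKey) key).getParams().getCurve().getField().getFieldSize();
        return 0;  // unknown key type: no size rule can be applied
    }

    /** Reasons this certificate would draw a weak-algorithm warning; empty when none apply. */
    static List<String> weakReasons(X509Certificate cert, List<Rule> rules) {
        List<String> reasons = new ArrayList<>();
        List<String> sigParts = sigAlgComponents(cert.getSigAlgName());
        String keyAlg = normalize(cert.getPublicKey().getAlgorithm());
        int bits = keySizeBits(cert.getPublicKey());
        for (Rule r : rules) {
            if (r.minKeySize > 0) {
                if (r.alg.equals(keyAlg) && bits > 0 && bits < r.minKeySize)
                    reasons.add(bits + "-bit " + cert.getPublicKey().getAlgorithm()
                            + " key is below the " + r.minKeySize + "-bit minimum");
            } else if (sigParts.contains(r.alg)) {
                reasons.add("signature algorithm " + cert.getSigAlgName() + " is disabled"
                        + (r.condition.isEmpty() ? "" : " (" + r.condition + ")"));
            }
        }
        return reasons;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the running JDK's own cacerts and its well-known password.
        String path = args.length > 0 ? args[0] : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, password); }
        List<Rule> rules = parseDisabledAlgorithms(Security.getProperty("jdk.certpath.disabledAlgorithms"));
        int flagged = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            // Only trusted-certificate entries are audited: these are exactly the anchors
            // whose own signature CertPathValidator never checks during path validation.
            if (!ks.isCertificateEntry(alias)) continue;
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            for (String reason : weakReasons((X509Certificate) c, rules)) {
                flagged++;
                System.out.println("Warning: trusted entry " + alias + ": " + reason);
            }
        }
        System.out.println(flagged == 0 ? "No weak trust anchors in " + path : flagged + " warning(s) for " + path);
    }
}
```

Run it with `java TrustAnchorWeakCheck.java [keystore] [password]` on JDK 11 or later (the PKCS12 keystore implementation also reads a JKS cacerts there). Entries of the property that carry conditions such as "jdkCA & usage TLSServer" are reported with the condition attached rather than evaluated, because evaluating them needs the validation context (the target chain and its usage) that keytool does not have when it lists or imports a single certificate; this is where a tool-level warning and the application-level CertPath decision legitimately differ, as the discussion above describes.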