RFR [10]: JDK-8182484: Remove 1024-bit default requirement from javadoc of java.security.interfaces.DSAKeyPairGenerator
Valerie Peng
valerie.peng at oracle.com
Wed Nov 22 02:04:26 UTC 2017
Sure, webrev updated and CSR moved to finalized state.
http://cr.openjdk.java.net/~valeriep/8182484/webrev.02/
Thanks,
Valerie
On 11/21/2017 9:28 AM, Sean Mullan wrote:
> One more small comment:
>
> 51 * <li>Check if the returned key pair generator is an instance of
> the
> 52 * DSAKeyPairGenerator interface before casting the result to a
>
> I would just say "... instance of DSAKeyPairGenerator before ..."
>
> --Sean
>
> On 11/16/17 7:39 PM, Valerie Peng wrote:
>>
>> Thanks for the feedback.
>>
>> I have updated webrev to address your comments:
>> http://cr.openjdk.java.net/~valeriep/8182484/webrev.01/
>> CSR has also been updated and proposed.
>> Valerie
>>
>> On 11/14/2017 10:47 AM, Sean Mullan wrote:
>>> On 11/8/17 6:47 PM, Valerie Peng wrote:
>>>> Hi, Sean,
>>>>
>>>> I updated the webrev in place - now this change contains only
>>>> javadoc update of DSAKeyPairGenerator interface.
>>>> CSR has also been updated accordingly. Could you please take a look?
>>>
>>> Sure.
>>>
>>> 35 * DSAKeyPairGenerator, each provider must supply (and document) a
>>> 36 * default initialization.
>>>
>>> I suggest saying "should" instead of "must" since we can't really
>>> require this to be documented, esp. for a 3rd-party provider. Also I
>>> would say "each provider that implements this interface ...".
>>>
>>> 52 * DSAKeyPairGenerator, then call one of the {@code initialize}
>>> methods
>>>
>>> Slight rewording suggestion: "DSAKeyPairGenerator and calling one of
>>> the {@code initialize} methods"
>>>
>>> 103 * thrown. It is guaranteed that there will always be
>>> 104 * default parameters for modulus lengths of 512, 1024, and
>>> 2048 bits.
>>>
>>> I guess "guaranteed" is referring to any impl of
>>> DSAKeyPairGenerator, but it is kind of hard to enforce that if you
>>> are using a 3rd-party provider. I think we should consider just
>>> removing this sentence entirely and leaving the requirements up to
>>> the implementation. It's also unusual that we would require
>>> 512-bits, and hard-coding that might make it hard to remove later
>>> on. Minimally, I think we should remove 512.
>>>
>>> --Sean
>>>
>>>>
>>>> Thanks,
>>>> Valerie
>>>>
>>>> On 11/2/2017 6:24 PM, Valerie Peng wrote:
>>>>> Sean,
>>>>>
>>>>> Could you help review this RFE below? It's mainly the javadoc
>>>>> update of java.security.interfaces.DSAKeyPairGenerator which
>>>>> replaces the 1024-bit default value with provider-specific one and
>>>>> removal of the earlier changes for working around this javadoc
>>>>> limitation. I reused the wordings from existing security classes.
>>>>>
>>>>> RFE: https://bugs.openjdk.java.net/browse/JDK-8182484
>>>>> Webrev: http://cr.openjdk.java.net/~valeriep/8182484/webrev.00/
>>>>> CSR: https://bugs.openjdk.java.net/browse/JDK-8190569
>>>>>
>>>>> Thanks,
>>>>> Valerie
>>>>
>>
More information about the security-dev
mailing list