RFR 8213400: Support choosing curve name in keytool keypair generation

Weijun Wang weijun.wang at oracle.com
Fri Dec 21 14:50:04 UTC 2018



> On Dec 21, 2018, at 9:58 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 11/26/18 8:32 PM, Weijun Wang wrote:
>> Ping
> 
> I made a few tweaks to the title and wording.
> 
>>> On Nov 15, 2018, at 9:24 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>> 
>>> 
>>> 
>>>> On Nov 15, 2018, at 3:53 AM, Adam Petcher <adam.petcher at oracle.com> wrote:
>>>> 
>>>> This looks good to me, though I made a couple of trivial editorial changes. It's fine as is, but you may want to consider using secp384r1 instead of brainpool256r1 in your example. I worry that people will experiment with the new feature using your example, and then we'll get bug tickets because the resulting keystore doesn't work with TLS.
>>> 
>>> This is exactly the advice I need from an expert.
>>> 
>>> However, secp384r1 is already the default choice for `-keysize 384`. Do you have another recommendation that has to be set with `-groupname`?
> 
> I think it is ok to use secp384r1 in the release note even though it is the default for -keysize 384.

OK, I'll use it. And I've just added another sentence that we recommend using -groupname.

> 
> BTW, did you also file a docs issue to update the keytool docs with the new -groupname option?
> 

Just filed one. Thanks for reminding.

--Max

> --Sean
> 
>>> 
>>> Thanks
>>> Max
>>> 
>>>> 
>>>> On 11/13/2018 7:56 PM, Weijun Wang wrote:
>>>>> Thanks. Please also take a look at the release note at https://bugs.openjdk.java.net/browse/JDK-8213821.
>>>>> 
>>>>> --Max
>>>>> 
>>>>>> On Nov 13, 2018, at 11:02 PM, Adam Petcher <adam.petcher at oracle.com> wrote:
>>>>>> 
>>>>>> This change looks good to me. Thanks.
>>>>>> 
>>> 



