Code Review Request: TLS 1.3 Implementation
Jamil Nimeh
jamil.j.nimeh at oracle.com
Fri Jun 1 14:12:02 UTC 2018
On 6/1/2018 7:11 AM, Xuelei Fan wrote:
> > http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>
> CookieExtension.java
> HelloRequest.java
> HelloVerifyRequest.java
> --------------------
> Looks fine to me.
>
> HKDF.java
> ---------
> 46 class HKDF {
>
> Use "final class"?
JJN: Yes, I don't see us needing to derive child classes from this.
>
> - 65 hmacObj = Mac.getInstance(hmacAlg);
> + 65 hmacObj = JsseJce.getMac(hmacAlg);
> In case a specific crypto provider is customized.
>
> 200 SecretKey extractExpand(...
> 226 SecretKey extractExpand(SecretKey inputKey, ...
> These two methods are not used. I may suggest remove them for now.
> We can add them back if necessary in the future.
JJN: Yes to both of your suggested changes...they both sound fine.
>
>
> Xuelei
>
>
> On 5/25/2018 4:45 PM, Xuelei Fan wrote:
>> Hi,
>>
>> I'd like to invite you to review the TLS 1.3 implementation. I
>> appreciate it if I could have compatibility and specification
>> feedback before May 31, 2018, and implementation feedback before June
>> 7, 2018.
>>
>> Here is the webrev:
>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>>
>> The formal TLS 1.3 specification is not finalized yet, although it
>> had been approved to be a standard. The implementation is based on
>> the draft version 28:
>> https://tools.ietf.org/html/draft-ietf-tls-tls13-28
>>
>> For the overall description of this enhancement, please refer to JEP
>> 332:
>> http://openjdk.java.net/jeps/332
>>
>> For the compatibility and specification update, please refer to CSR
>> 8202625:
>> https://bugs.openjdk.java.net/browse/JDK-8202625
>>
>> Note that we are using the sandbox for the development right now.
>> For more information, please refer to Bradford's previous email:
>>
>> http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
>>
>> Thanks & Regards,
>> Xuelei
More information about the security-dev
mailing list