RFR [11] CSR for "Add Brainpool ECC support (RFC 5639)"

Valerie Peng valerie.peng at oracle.com
Wed Jun 20 23:06:41 UTC 2018


Are you asking about CSR or existing bug for including Brainpool support 
in TLS?

I saw some bugs which mentions errors/exceptions which brainpool is 
used, e.g. JSSE has https://bugs.openjdk.java.net/browse/JDK-7189107, 
key tool has https://bugs.openjdk.java.net/browse/JDK-8201290. After 
this brainpool support is integrated, it'll be easier to re-evaluate these.

As for PKCS11, Tobias tested this against a 3rd party PKCS11 library and 
the result is positive if I recall correctly.

Thanks,
Valerie

On 6/18/2018 1:26 PM, Bernd Eckenfels wrote:
>
> Hello,
>
> not a Reviewer, but some Questions on the CSR:
>
>   * Are there other CSRs for including in TLS?
>   * I also wonder if PKI (CA Signatures) will work out of the box then
>     (OID aliases?)
>   * Does PKCS11 require additional changes? (especially for the
>     Government use mentioned in the justification HSMs are often
>     mandatory)
>
> Gruss
>
> Bernd
>
> -- 
> http://bernd.eckenfels.net
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180620/8aa38750/attachment.htm>


More information about the security-dev mailing list