Algorithm aliases of SHA-1 in DisabledAlgorithmConstraints
Xuelei Fan
xuelei.fan at oracle.com
Tue Mar 13 15:54:05 UTC 2018
On 3/13/2018 1:06 AM, Weijun Wang wrote:
>
>
>> On Mar 12, 2018, at 10:41 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> I would tend to think that we should only specify (or guarantee) that standard names are checked and used in the disabled algorithm properties.
>
> But this means first we must only set standard names in the properties. What if someone sets a non-standard one? Do we just accept it as a raw string and only reject an algorithm if it is also using the non-standard name?
>
Where does the non-standard name come from? Maybe, before calling into
the crypto constraints methods, the name can be standardized.
Xuelei
More information about the security-dev
mailing list