RFR 8213400: Support choosing curve name in keytool keypair generation
Weijun Wang
weijun.wang at oracle.com
Tue Nov 27 01:32:44 UTC 2018
Ping
> On Nov 15, 2018, at 9:24 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>
>
>
>> On Nov 15, 2018, at 3:53 AM, Adam Petcher <adam.petcher at oracle.com> wrote:
>>
>> This looks good to me, though I made a couple of trivial editorial changes. It's fine as is, but you may want to consider using secp384r1 instead of brainpool256r1 in your example. I worry that people will experiment with the new feature using your example, and then we'll get bug tickets because the resulting keystore doesn't work with TLS.
>
> This is exactly the advice I need from an expert.
>
> However, secp384r1 is already the default choice for `-keysize 384`. Do you have another recommendation that has to be set with `-groupname`?
>
> Thanks
> Max
>
>>
>> On 11/13/2018 7:56 PM, Weijun Wang wrote:
>>> Thanks. Please also take a look at the release note at https://bugs.openjdk.java.net/browse/JDK-8213821.
>>>
>>> --Max
>>>
>>>> On Nov 13, 2018, at 11:02 PM, Adam Petcher <adam.petcher at oracle.com> wrote:
>>>>
>>>> This change looks good to me. Thanks.
>>>>
>
More information about the security-dev
mailing list