[14] RFR for 8235184: Deprecate the legacy elliptic curves for removal

Sean Mullan sean.mullan at oracle.com
Fri Dec 6 20:24:04 UTC 2019


Please review this change to deprecate, and eventually remove the native 
legacy implementations of elliptic curves in the SunEC provider.

These curves are not implemented using modern formulas and techniques. 
We have already replaced some of these curves (secp256r1, secp384r1, and 
secp512r1) with a more modern implementation -- see JDK-8208698 [1] for 
more details.

With a few exceptions, the remaining curves are rarely used in practice. 
It does not make sense to invest what would be a significant amount of 
resources to replace all of them. Most of these curves have also been 
deprecated or obsoleted by TLS specifications - see RFC 8446 [2] and RFC 
8422 [3].

If time and resources permit, a small number of them may be replaced 
with more modern implementations.

Only the CSR needs to be reviewed since this is a docs-only change:

   https://bugs.openjdk.java.net/browse/JDK-8235184

Thanks,
Sean

[1] https://bugs.openjdk.java.net/browse/JDK-8208698
[2] https://tools.ietf.org/html/rfc8446#appendix-B.3.1.4
[3] https://tools.ietf.org/html/rfc8422#section-5.1.1


More information about the security-dev mailing list