[14] RFR for 8235184: Deprecate the legacy elliptic curves for removal
Sean Mullan
sean.mullan at oracle.com
Fri Dec 6 20:24:04 UTC 2019
Please review this change to deprecate, and eventually remove the native
legacy implementations of elliptic curves in the SunEC provider.
These curves are not implemented using modern formulas and techniques.
We have already replaced some of these curves (secp256r1, secp384r1, and
secp512r1) with a more modern implementation -- see JDK-8208698 [1] for
more details.
With a few exceptions, the remaining curves are rarely used in practice.
It does not make sense to invest what would be a significant amount of
resources to replace all of them. Most of these curves have also been
deprecated or obsoleted by TLS specifications - see RFC 8446 [2] and RFC
8422 [3].
If time and resources permit, a small number of them may be replaced
with more modern implementations.
Only the CSR needs to be reviewed since this is a docs-only change:
https://bugs.openjdk.java.net/browse/JDK-8235184
Thanks,
Sean
[1] https://bugs.openjdk.java.net/browse/JDK-8208698
[2] https://tools.ietf.org/html/rfc8446#appendix-B.3.1.4
[3] https://tools.ietf.org/html/rfc8422#section-5.1.1
More information about the security-dev
mailing list