[14] RFR for 8235184: Deprecate the legacy elliptic curves for removal

Xuelei Fan xuelei.fan at oracle.com
Sat Dec 7 03:55:14 UTC 2019


Looks fine to me.  I added myself as reviewer.

Xuelei

On 12/6/2019 12:24 PM, Sean Mullan wrote:
> Please review this change to deprecate, and eventually remove the native 
> legacy implementations of elliptic curves in the SunEC provider.
> 
> These curves are not implemented using modern formulas and techniques. 
> We have already replaced some of these curves (secp256r1, secp384r1, and 
> secp512r1) with a more modern implementation -- see JDK-8208698 [1] for 
> more details.
> 
> With a few exceptions, the remaining curves are rarely used in practice. 
> It does not make sense to invest what would be a significant amount of 
> resources to replace all of them. Most of these curves have also been 
> deprecated or obsoleted by TLS specifications - see RFC 8446 [2] and RFC 
> 8422 [3].
> 
> If time and resources permit, a small number of them may be replaced 
> with more modern implementations.
> 
> Only the CSR needs to be reviewed since this is a docs-only change:
> 
>    https://bugs.openjdk.java.net/browse/JDK-8235184
> 
> Thanks,
> Sean
> 
> [1] https://bugs.openjdk.java.net/browse/JDK-8208698
> [2] https://tools.ietf.org/html/rfc8446#appendix-B.3.1.4
> [3] https://tools.ietf.org/html/rfc8422#section-5.1.1


More information about the security-dev mailing list