[14] RFR for 8235184: Deprecate the legacy elliptic curves for removal
Xuelei Fan
xuelei.fan at oracle.com
Sat Dec 7 03:55:14 UTC 2019
Looks fine to me. I added myself as reviewer.
Xuelei
On 12/6/2019 12:24 PM, Sean Mullan wrote:
> Please review this change to deprecate, and eventually remove the native
> legacy implementations of elliptic curves in the SunEC provider.
>
> These curves are not implemented using modern formulas and techniques.
> We have already replaced some of these curves (secp256r1, secp384r1, and
> secp512r1) with a more modern implementation -- see JDK-8208698 [1] for
> more details.
>
> With a few exceptions, the remaining curves are rarely used in practice.
> It does not make sense to invest what would be a significant amount of
> resources to replace all of them. Most of these curves have also been
> deprecated or obsoleted by TLS specifications - see RFC 8446 [2] and RFC
> 8422 [3].
>
> If time and resources permit, a small number of them may be replaced
> with more modern implementations.
>
> Only the CSR needs to be reviewed since this is a docs-only change:
>
> https://bugs.openjdk.java.net/browse/JDK-8235184
>
> Thanks,
> Sean
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8208698
> [2] https://tools.ietf.org/html/rfc8446#appendix-B.3.1.4
> [3] https://tools.ietf.org/html/rfc8422#section-5.1.1
More information about the security-dev
mailing list