CSR RFR: 8233228: Support named curves for all disabledAlgorithms
Sean Mullan
sean.mullan at oracle.com
Tue Dec 10 13:57:20 UTC 2019
In general, this CSR looks good. Here are my specific comments:
- The Scope should be "JDK" since these are JDK supported security
properties.
- The Fix Version should also include 7-pool.
- I would change the summary to "This change adds named elliptic curves
to the jdk.[tls|certpath|jar].disabledAlgorithms security properties."
- In the Summary and/or Solution sections, you should add that you are
disabling these legacy curves by default, and add some rationale as to
why we are doing that. I don't see that specifically mentioned anywhere.
- In the Solution section, missing a period at end of first sentence.
- In the Solution section, there is a typo in the property name
"jdk.disabled.NamedCurve" (should be plural).
- Typo: "full property name used" -> "full property name is used"
Comments in Specification section:
----------------------------------
1. Change:
+# in jdk.[tls|certpath|jar].disabledAlgorithms. To include this list
in any
to:
+# in the jdk.[tls|certpath|jar].disabledAlgorithms properties. To
include this list in any
2. We don't support the brainpoolP160r1, brainpoolP192r1,
brainpoolP224r1 curves, so these don't need to be listed.
3. +# properities. See the property for details.
Typo: "properties"
--Sean
On 12/9/19 1:10 PM, Anthony Scarpino wrote:
> I need a CSR review for the change with policy and property addition for
> 8233228.
>
> https://bugs.openjdk.java.net/browse/JDK-8235540
>
> Tony
>