CSR RFR: 8233228: Support named curves for all disabledAlgorithms
Anthony Scarpino
anthony.scarpino at oracle.com
Tue Dec 10 22:37:38 UTC 2019
I believe I have address all the comments in the updated CSR. I have
also added the "include" keyword for the new property along with the
description for it's use.
However, regarding the brainpool curves, the ones you say that we do not
support are in CurveDB.java. It was my impression that CurveDB provided
the parameters to create these named curves. Where do you see that
those 3 curves are not supported?
Tony
On 12/10/19 5:57 AM, Sean Mullan wrote:
> In general, this CSR looks good. Here are my specific comments:
>
> - The Scope should be "JDK" since these are JDK supported security
> properties.
>
> - The Fix Version should also include 7-pool.
>
> - I would change the summary to "This change adds named elliptic curves
> to the jdk.[tls|certpath|jar].disabledAlgorithms security properties."
>
> - In the Summary and/or Solution sections, you should add that you are
> disabling these legacy curves by default, and add some rationale as to
> why we are doing that. I don't see that specifically mentioned anywhere.
>
> - In the Solution section, missing a period at end of first sentence.
>
> - In the Solution section, there is a typo in the property name
> "jdk.disabled.NamedCurve" (should be plural).
>
> - Typo: "full property name used" -> "full property name is used"
>
> Comments in Specification section:
> ----------------------------------
>
> 1. Change:
>
> +# in jdk.[tls|certpath|jar].disabledAlgorithms. To include this list
> in any
>
> to:
>
> +# in the jdk.[tls|certpath|jar].disabledAlgorithms properties. To
> include this list in any
>
> 2. We don't support the brainpoolP160r1, brainpoolP192r1,
> brainpoolP224r1 curves, so these don't need to be listed.
>
> 3. +# properities. See the property for details.
>
> Typo: "properties"
>
> --Sean
>
> On 12/9/19 1:10 PM, Anthony Scarpino wrote:
>> I need a CSR review for the change with policy and property addition
>> for 8233228.
>>
>> https://bugs.openjdk.java.net/browse/JDK-8235540
>>
>> Tony
>>
More information about the security-dev
mailing list