RFR 8223053: [xmldsig] Add KeyValue::EC_TYPE
Weijun Wang
weijun.wang at oracle.com
Sat May 25 00:37:51 UTC 2019
The CSR is approved. Are you OK with the schema definition referencing "ECParametersType" but not defining it.
If yes, I'll push the change.
Thanks,
Nax
> On May 14, 2019, at 8:50 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>
>
>
>> On May 13, 2019, at 10:51 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> On 5/10/19 8:07 PM, Weijun Wang wrote:
>>>> On May 11, 2019, at 4:44 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>>>
>>>> On 5/10/19 5:04 AM, Weijun Wang wrote:
>>>>> Please take a review at the CSR at
>>>>> https://bugs.openjdk.java.net/browse/JDK-8223682
>
> Updated with @since 13 and no more @implNote.
>
> Thanks,
> Max
>
>>>>
>>>> Add an "@since 13" to the new constant.
>>>>
>>>>> The text is copied from 4.5.2 and 4.5.2.3 of https://www.w3.org/TR/xmldsig-core/.
>>>>> One thing I am not sure is that I haven't include the definition of ECParameters in 4.5.2.3.1 which is quite long. While I added an @implNote saying ECParameters is not supported in this implementation, I understand @implNote is not really a part of the spec and it's not the reason I omit the definition of ECParameters. If you believe it should be included, I'll add it, or add a link.
>>>>
>>>> I would leave out the implNote completely. It doesn't seem the right place to put it, since this is an interface. What is the reason ECParameters is not supported?
>>> Maybe a little complicated?
>>> https://github.com/apache/santuario-java/blob/fa12dc57a16fbcd637c2aac6f3af3db19fe4b187/src/main/java/org/apache/xml/security/keys/content/keyvalues/ECKeyValue.java#L171
>>
>> Yes, perhaps, or more likely because it is optional to support ECParameters.
>>
>> Section 4.5.2.3 of the XML Signature Recommendation says:
>>
>> "Conformant applications must support the dsig11:NamedCurve element and the 256-bit prime field curve as identified by the OID 1.2.840.10045.3.1.7."
>>
>> --Sean
>>
>>> --Max
>>>>
>>>> --Sean
>>>>
>>>>> The code change is exactly the same as the specification, so no webrev.
>>>>> Thanks,
>>>>> Max
>
More information about the security-dev
mailing list