RFR 8214024: Remove the default keytool -keyalg value
Weijun Wang
weijun.wang at oracle.com
Tue Nov 5 01:14:58 UTC 2019
Added. I thought everyone knows DES is weak and there's no need to emphasize it.
--Max
> On Nov 5, 2019, at 12:16 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> On 11/1/19 11:07 PM, Weijun Wang wrote:
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8214024
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8233427
>
> For the CSR, in the Problem section, you should add a similar statement/reference about DES being weak as you do for DSA, for example:
>
> https://www.nist.gov/news-events/news/2005/06/nist-withdraws-outdated-data-encryption-standard
>
> and:
>
> https://tools.ietf.org/html/rfc4772
>
>> Webrev: http://cr.openjdk.java.net/~weijun/8214024/webrev.00/
>
> Will look at the code changes later.
>
> --Sean
>
>> For most test changes, I simply added a "-keyalg DSA" to preserve the old behavior.
>> DeprecateKeyAlg.java is renamed to RemoveKeyAlgDefault.java and detection of warnings is changed to that of errors. 3 lines in this test are moved to another test.
>> Thanks,
>> Max