RFR: 8245527: LDAP Channel Binding support for Java GSS/Kerberos

Alexey Bakhtin alexey at azul.com
Wed Jun 10 09:03:53 UTC 2020


Hello Sean,

The link to the CSR for this feature: https://bugs.openjdk.java.net/browse/JDK-8247311

Regards
Alexey

> On 9 Jun 2020, at 19:50, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 6/9/20 12:40 PM, Xuelei Fan wrote:
>> About the prefix, it may follow RFC 5056 (See page 7, section 2.1).
>>    o  Specifications of channel bindings for any secure channels MUST
>>       provide for a single, canonical octet string encoding of the
>>       channel bindings.  Under this framework, channel bindings MUST
>>       start with the channel binding unique prefix followed by a colon
>>       (ASCII 0x3A).
> 
> Thanks! Easy to miss.
> 
> I would recommend adding more comments in the code (e.g., in TLSChannelBinding) pointing to that RFC section, and other RFCs such as 5929 for the tls cbtypes. Also, this RFC (and other specifications such as RFC 5959) should be listed in the CSR so that we document precisely what encodings and types the JDK implementation supports and is using.
> 
> --Sean
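
The encoding rule quoted from RFC 5056 section 2.1, applied to the `tls-server-end-point` type from RFC 5929, as an added example; it is not code from the JDK patch under review or from anyone in this thread. The class and method names are hypothetical, and the certificate bytes are a constructed stand-in rather than a real DER certificate.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Locale;

public class ChannelBindingEncoding {   // hypothetical name, for illustration only
    // RFC 5929 section 4.1: a certificate signed with MD5 or SHA-1 is hashed with SHA-256;
    // otherwise the hash of the certificate's signature algorithm is used.
    static String digestFor(String sigAlgName) {
        String s = sigAlgName.toUpperCase(Locale.ROOT);
        int i = s.indexOf("WITH");
        String h = (i > 0 ? s.substring(0, i) : s).replace("-", "");
        switch (h) {
            case "MD5": case "SHA1": case "SHA256": return "SHA-256";
            case "SHA384": return "SHA-384";
            case "SHA512": return "SHA-512";
            // No single hash function (e.g. RSASSA-PSS): the RFC leaves this undefined.
            default: throw new IllegalArgumentException("no single hash for " + sigAlgName);
        }
    }

    // RFC 5056 section 2.1: unique prefix, then a colon (0x3A), then the binding data.
    static byte[] encode(String prefix, byte[] data) {
        byte[] p = (prefix + ":").getBytes(StandardCharsets.US_ASCII);
        byte[] out = Arrays.copyOf(p, p.length + data.length);
        System.arraycopy(data, 0, out, p.length, data.length);
        return out;
    }

    static byte[] tlsServerEndPoint(byte[] certDer, String sigAlgName)
            throws NoSuchAlgorithmException {
        byte[] hash = MessageDigest.getInstance(digestFor(sigAlgName)).digest(certDer);
        return encode("tls-server-end-point", hash);
    }

    // Returns the prefix; rejects an encoding with no colon or an empty prefix.
    static String prefixOf(byte[] cb) {
        for (int i = 1; i < cb.length; i++) {
            if (cb[i] == 0x3A) return new String(cb, 0, i, StandardCharsets.US_ASCII);
        }
        throw new IllegalArgumentException("missing channel binding prefix");
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the server certificate's DER encoding.
        byte[] certDer = "constructed stand-in bytes".getBytes(StandardCharsets.US_ASCII);
        byte[] cb = tlsServerEndPoint(certDer, "SHA1withRSA");   // SHA-1 is upgraded to SHA-256
        int hashLen = cb.length - "tls-server-end-point:".length();
        System.out.println(prefixOf(cb) + " + " + hashLen + " hash bytes");
    }
}
```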
