RFR CSR: JDK-8254709 (Support for EdDSA signature scheme in JSSE)

Bradford Wetmore bradford.wetmore at oracle.com
Thu Oct 15 18:19:10 UTC 2020


Like XDH, these...
->
Like XDH (i.e. x25519/x448), these...

You might provide a link to the original XDH JEP (JDK-8181595) and later 
CSR (JDK-8224520) and/or JDK-8171279.

and for use in automatic certificate selection for certificate messages.
->
and for use in certificate selection for certificate messages.

KeyManagers aren't required to be "automatic."  e.g. the old plugin used 
to pop up a dialog box that waited for the user to select which key/cert 
to use.

What specific key values will be used on the KeyManager.*ClientAlias*()?

"signature_algorithms and signature_algorithms_cert"

I was originally going to suggest trying to describe these functions and 
whether they appear in TLSv1.2/1.3, but it might be a little hard to 
explain, but might not be worth it.  Your call if so.

Otherwise, this looks good.  I've added myself as reviewer.

Brad



On 10/14/2020 2:08 PM, Sean Mullan wrote:
> In the Summary and Solution sections, can you be more specific as to 
> what TLS versions will be supported?
> 
> Can you also show what the order of signature schemes is before and 
> after the change, for each TLS version? I think this would make it more 
> clear about what the priority of the new schemes is.
> 
> Thanks,
> Sean
> 
> On 10/13/20 1:59 PM, Jamil Nimeh wrote:
>> Hi Folks,
>>
>> I just put out the draft CSR for the RFE that adds EdDSA support in 
>> JSSE.  If anyone has some spare cycles to review this I'd appreciate it.
>>
>> https://bugs.openjdk.java.net/browse/JDK-8254709
>>
>> Thanks,
>>
>> --Jamil
>>


