RFR CSR: JDK-8254709 (Support for EdDSA signature scheme in JSSE)
Bradford Wetmore
bradford.wetmore at oracle.com
Thu Oct 15 18:19:10 UTC 2020
Like XDH, these...
->
Like XDH (i.e. x25519/x448), these...
You might provide a link to the original XDH JEP (JDK-8181595) and later
CSR (JDK-8224520) and/or JDK-8171279.
and for use in automatic certificate selection for certificate messages.
->
and for use in certificate selection for certificate messages.
KeyManagers aren't required to be "automatic." e.g. the old plugin used
to popup a dialog box that waited for the user to select which key/cert
to use.
What specific key values will be used on the KeyManager.*ClientAlias*()?
"signature_algorithms and signature_algorithms_cert"
I was originally going to suggest trying to describe these functions and
whether they appear in TLSv1.2/1.3 but might be a little hard to
explain, but might not be worth it. Your call if so.
Otherwise, this looks good. I've added myself as reviewer.
Brad
On 10/14/2020 2:08 PM, Sean Mullan wrote:
> In the Summary and Solution sections, can you be more specific as to
> what TLS versions will be supported?
>
> Can you also show what the order of signature schemes is before and
> after the change, for each TLS version? I think this would make it more
> clear about what the priority of the new schemes is.
>
> Thanks,
> Sean
>
> On 10/13/20 1:59 PM, Jamil Nimeh wrote:
>> Hi Folks,
>>
>> I just put out the draft CSR for the RFE that adds EdDSA support in
>> JSSE. If anyone has some spare cycles to review this I'd appreciate it.
>>
>> https://bugs.openjdk.java.net/browse/JDK-8254709
>>
>> Thanks,
>>
>> --Jamil
>>
More information about the security-dev
mailing list