RFR: 8209092: Remove outdated wording from RC5ParameterSpec [v2]
Sean Mullan
mullan at openjdk.java.net
Wed Jun 9 21:20:18 UTC 2021
On Wed, 9 Jun 2021 20:55:42 GMT, Jack Hartstein <github.com+44308314+jackh2000 at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java line 39:
>>
>>> 37: *
>>> 38: * <p> This class can be used to initialize a {@code Cipher} object that
>>> 39: * implements the <i>RC5</i> algorithm as specified in <a href="https://datatracker.ietf.org/doc/html/rfc2040">RFC 2040</a>.
>>
>> Try to keep lines to <= 80 chars. Maybe break after "in"
>
> Fixed. I'll check on the CSR.
This class already references RFC 2040 (see line 32) so on that basis a CSR for this specific change is probably not required.
But the "RC5" algorithm is listed as a standard algorithm in the Java Security Standard Algorithm Names specification but the definition does not reference RFC 2040: https://docs.oracle.com/en/java/javase/16/docs/specs/security/standard-names.html#cipher-algorithm-names
Instead it has this description: "Variable-key-size encryption algorithms developed by Ron Rivest for RSA Data Security, Inc.". That definition is somewhat dated and I think we should just replace this with "The RC5 algorithm as specified in RFC 2040" to match what you have in the javadoc. But that type of change probably requires a CSR since it would be modifying that specification.
I think you could either tackle that change as part of this, or file a follow-on issue to update the RC5 algorithm in the Standard Algorithm Names specification.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4443
More information about the security-dev
mailing list