RFR: 8277976: Break up SEQUENCE in X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames in otherName [v4]
Weijun Wang
weijun at openjdk.java.net
Tue Feb 15 16:07:09 UTC 2022
On Tue, 15 Feb 2022 15:59:42 GMT, Michael Osipov <duke at openjdk.java.net> wrote:
> > ```
> > 2. I feel a little uneasy of the new `if` and `otherwise` words inside parentheses, especially the second one which seems out of nowhere. Please suggest better wording if possible.
> > ```
>
>
> What about?
>
>
> ```
> and a fourth entry as either a string if {@code value} inside
> is a valid ASN.1 string (any of UTF8String, PrintableString, T61String, IA5String,
> UniversalString, BMPString, or GeneralString) or otherwise a byte array containing
> the ASN.1 DER encoding of {@code value} without the context-specific
> constructed tag with number 0.
> ```
Do not feel easy with the two `or`.
>
>
>
>
>
> > ```
> > 3. The string types I listed is only what we supported inside JDK and not all "restricted character string types". Is it appropriate to list them out in a specification? If not, shall I just say "a valid character string"? This brings more explanation to what "valid" means.
> > ```
>
>
> Yes, this makes it perfectly clear what is supported of out of the box.
But this also means if the internal implementation deep inside `DerValue::getAsString` is updated then this spec must be updated as well.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7167
More information about the security-dev
mailing list