JEP draft: Key Encapsulation Mechanism API

Wei-Jun Wang weijun.wang at oracle.com
Thu Jan 26 15:01:01 UTC 2023



> On Jan 26, 2023, at 12:48 AM, Xuelei Fan <xuelei.f at gmail.com> wrote:
> 
> 
>> On Jan 25, 2023, at 8:43 PM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
> 
> 
>> If someone really cares about the result of getProvider(), they should be careful no other thread calls encapsulation or decapsulation.
> 
> If no-one care about the result of getProvider(), is it possible to remove this method from the design?
> 
> With this method, the API is not easy to use, and the code is not easy to review, unless a developer read the class and methods spec very carefully, considering that the behavior differences impacted by calling sequences.
> 
> Anyway, calling sequence problems are known issues for JCA/JCE, just my $0.02 in case it helps to make the specification more clear, if you’d like to the tradition of JCA/JCE.

I see this method for every JCA class and would rather keep it.

--Max

> 
> Xuelei



More information about the security-dev mailing list