RFR: 8298127: HSS/LMS Signature Verification [v10]

Weijun Wang weijun at openjdk.org
Thu May 11 17:31:48 UTC 2023


On Thu, 11 May 2023 16:33:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Reintroduced Length for HSSPublicKey, added more @Override annotations
>
> src/java.base/share/classes/sun/security/provider/HSS.java line 719:
> 
>> 717: 
>> 718:         @java.io.Serial
>> 719:         protected Object writeReplace() throws java.io.ObjectStreamException {
> 
> I think the serialized form of an HSSPublicKey should also be specified in the CSR since this Key is returned from a standard API. I think you can add a simple sentence such as:
> 
> "The Keys returned by an "HSS/LMS" `KeyFactory` are `Serializable` and use `java.security.KeyRep` as its serialized representation with the fields set as follows: type = `KeyRep.Type.PUBLIC`, algorithm = "HSS/LMS", format = "X.509", and encoded = the DER encoded bytes ..."

I added a paragraph to the CSR, although it's already approved several days ago.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1191492222


More information about the security-dev mailing list