Question on JDK-8058778 (New APIs for creating certificates and certificate requests)

Robert Sherwood robert.sherwood at credentive.com
Tue Sep 26 14:09:13 UTC 2023


Ah, if I understand correctly, it’s more a question of whether full PKI functionality is something better provided by a third party e.g. BouncyCastle vs. maintaining it in the mainline JDK. That makes sense.

Thanks for the response!

Rob

From: Sean Mullan <sean.mullan at oracle.com>
Date: Tuesday, September 26, 2023 at 9:34 AM
To: Robert Sherwood <robert.sherwood at credentive.com>
Cc: security-dev at openjdk.org <security-dev at openjdk.org>
Subject: Re: Question on JDK-8058778 (New APIs for creating certificates and certificate requests)
Hi,


On Sep 26, 2023, at 6:19 AM, Robert Sherwood <robert.sherwood at credentive.com> wrote:

Hello everyone – I hope this is not too silly a question.

I am doing some Java-based PKI work for a client and have discovered the long-outstanding JDK-8058778. I am curious about the difficulty of this request. I assume that it must be a very complicated problem to be open for so long.

It would be a significant amount of work to deliver this feature, but that is not the primary reason for why this work has not progressed.



It seems like a reasonably straightforward problem. Is this a reasonable issue for a newcomer (i.e. me) to work on or is there some hidden complexity that prevents it being resolved?

The bigger issue is whether something like this belongs in the Java Platform as a standard API. Essentially we would be including CA (Certificate Authority) functionality. This is more of a “batteries included or not” type of question. Also, keytool currently provides the ability to create X.509 certificates and supports most common extensions. While this is not an API, we have found it sufficient for creating test certificates, which is one of the more common use cases for this feature.

HTH,
Sean



Thanks,

Rob Sherwood
