RFR: 8349732: Add support for JARs signed with ML-DSA [v12]
Weijun Wang
weijun at openjdk.org
Fri Nov 7 14:33:06 UTC 2025
On Thu, 6 Nov 2025 19:19:15 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - rename DataFecther to RepositoryFileReader
>> - more comments for DataFetcher
>
> test/jdk/sun/security/pkcs/pkcs7/DigestConformance.java line 47:
>
>> 45: import java.util.Map;
>> 46:
>> 47: public class DigestConformance {
>
> Maybe call this `MLDSADigestConformance` or are you thinking you will enhance it to support EdDSA, etc?
I'll rename it. No plan to add others at the moment.
> test/jdk/sun/security/provider/pqc/ML_DSA_CMS.java line 50:
>
>> 48: // See https://datatracker.ietf.org/doc/html/rfc9882#name-examples
>> 49: try (var cmsReader = RepositoryFileReader.of(CMS_ML_DSA.class,
>> 50: "cms-ml-dsa-draft-ietf-lamps-cms-ml-dsa-07/");
>
> Can we call this "RFC9882" instead?
That's the prefix used in the latest ZIP bundle on https://github.com/lamps-wg/cms-ml-dsa/tags. I'll add more comment.
> test/jdk/sun/security/provider/pqc/ML_DSA_CMS.java line 52:
>
>> 50: "cms-ml-dsa-draft-ietf-lamps-cms-ml-dsa-07/");
>> 51: var dsaReader = RepositoryFileReader.of(DILITHIUM_CERTIFICATES.class,
>> 52: "dilithium-certificates-draft-ietf-lamps-dilithium-certificates-13/")) {
>
> Similarly, can we call this "RFC9881"?
Same.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2503843190
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2503833426
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2503834109
More information about the security-dev
mailing list