yklymenko commented on PR #293:
URL: https://github.com/apache/santuario-xml-security-java/pull/293#issuecomment-2010377978
> My suggestion is to remove `DH("DH", "PKCS #3", KeyAlgorithmType.DH, "1.2.840.113549.1.3.1"),` from KeyType.
>
> The Diffie-Hellman key agreement using RSA keys is gradually becoming
> obsolete and currently, it is not supported by the xmlsec key agreement method
> implementation. I included it there primarily for the sake of completeness,
> anticipating that someone might (but not very likely) add support for
> Diffie-Hellman in the future.
>
> Besides, CodeQL marks it as potentially insecure:

In general, I've looked at how BC decides which OID should be used.
They have both OIDs as aliases and select one of them depending on
configuration in
org.bouncycastle.jcajce.provider.asymmetric.dh.BCDHPublicKey#getEncoded (see
both return statements).

Sure, I can delete two or three lines to make it green again, but I'm not
sure that this should be a part of this PR.