Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Wang Weijun
> On Apr 19, 2016, at 12:34 PM, Xuelei Fan wrote: > > Two minor comments about the spec. > > 1. DrbgParameters.Capability > The spec for each enum item is not very clear. Please add more comments > about the meaning and behavior of each item. OK. I probably should move the text in DrbgParamet

JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

2016-04-19 Thread Osipov, Michael
Hi, I am trying to obtain a service ticket for a cross-realm service within one hierarchy (forest). The root realm is COMPANY.NET, my realm is R004.COMPANY.NET, target realm is R002.COMPANY.NET and SPN ldap/server.r002.company.net. Host to realm mapping in my krb5.conf: [domain_realm] .r00

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Xuelei Fan
On 4/19/2016 4:05 PM, Wang Weijun wrote: >> > 2. DrbgParameters.Instantiate >> > Looks like this class would be better to an extendable individual class. >> > Declare this class as "static final" may limit its extension. > NIST SP 800-90A&C are quite clear on what parameters are required for a DRBG.

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Wang Weijun
> On Apr 19, 2016, at 5:41 PM, Xuelei Fan wrote: > > On 4/19/2016 4:05 PM, Wang Weijun wrote: 2. DrbgParameters.Instantiate Looks like this class would be better to an extendable individual class. Declare this class as "static final" may limit its extension. >> NIST SP 800-90A&C ar

Re: JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

2016-04-19 Thread Wang Weijun
If you are sure the exception is thrown from the code snippet you quoted, that is because Java's Kerberos 5 implementation requires that the service name in TGS_REP must match the one in the TGS_REQ. Otherwise it fails. MIT and SSPI support referral so the names can be different. The workaround

RE: JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

2016-04-19 Thread Osipov, Michael
Hi Max, > If you are sure the exception is thrown from the code snippet you quoted, > that is because Java's Kerberos 5 implementation requires that the service > name in TGS_REP must match the one in the TGS_REQ. Otherwise it fails. I am quite certain, I have attached the OpenJDK code in Eclipse

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Xuelei Fan
On 4/19/2016 6:39 PM, Wang Weijun wrote: >> > Anyway, minor comments. You can go with the current design, please let >> > me know. > I'd like to keep the current design. OK. Let's move on with the current design. Thanks, Xuelei

Re: JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

2016-04-19 Thread Wang Weijun
> > Are there any plans to add referral support? Not yet. > Can we log this issue in bugs.openjdk.java.net/browse/JDK? You can always do that, but such a feature should be covered by a JEP. --Max

RE: JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

2016-04-19 Thread Osipov, Michael
> > Are there any plans to add referral support? > > Not yet. > > > Can we log this issue in bugs.openjdk.java.net/browse/JDK? > > You can always do that, but such a feature should be covered by a JEP. Only JDK devs have write access. All I can do is a bug report with http://bugreport.java.com

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Xuelei Fan
On 4/15/2016 9: > http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ Please update copyright dates. src/java.base/share/classes/java/security/Provider.java --- 145-151: Looks like the comment are not correct. There are getInstance(alg,param

Re: JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

2016-04-19 Thread Wang Weijun
> On Apr 19, 2016, at 8:48 PM, Osipov, Michael > wrote: > >>> Are there any plans to add referral support? >> >> Not yet. >> >>> Can we log this issue in bugs.openjdk.java.net/browse/JDK? >> >> You can always do that, but such a feature should be covered by a JEP. > > Only JDK devs have wr

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Wang Weijun
> On Apr 19, 2016, at 9:09 PM, Xuelei Fan wrote: > > On 4/15/2016 9: >> http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ > > Please update copyright dates. > > src/java.base/share/classes/java/security/Provider.java > --- > 145-151: Loo

RE: JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

2016-04-19 Thread Osipov, Michael
> > On Apr 19, 2016, at 8:48 PM, Osipov, Michael > wrote: > > > >>> Are there any plans to add referral support? > >> > >> Not yet. > >> > >>> Can we log this issue in bugs.openjdk.java.net/browse/JDK? > >> > >> You can always do that, but such a feature should be covered by a JEP. > > > > Only J

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Xuelei Fan
On 4/19/2016 11:41 PM, Wang Weijun wrote: >>> >> http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ >> > >> > Please update copyright dates. >> > >> > src/java.base/share/classes/java/security/Provider.java >> > --- >> > 145-151: Looks like

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Bradford Wetmore
> Webrev updated again at > > http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ > http://cr.openjdk.java.net/~weijun/8051408/webrev.10/spec > http://cr.openjdk.java.net/~weijun/8051408/webrev.10/specdiff Some initial comments. security/java.security == 123-133: Would you

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Wang Weijun
> On Apr 20, 2016, at 7:41 AM, Xuelei Fan wrote: > > On 4/19/2016 11:41 PM, Wang Weijun wrote: >> http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ Please update copyright dates. src/java.base/share/classes/java/security/Provider.java --

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Xuelei Fan
On 4/20/2016 9:17 AM, Wang Weijun wrote: > >> On Apr 20, 2016, at 7:41 AM, Xuelei Fan wrote: >> >> On 4/19/2016 11:41 PM, Wang Weijun wrote: >>> http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ > > Please update copyright dates. > > src/java.base/share/classes/java/securi

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Wang Weijun
> On Apr 20, 2016, at 8:54 AM, Bradford Wetmore > wrote: > > > Webrev updated again at > > > > http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ > > http://cr.openjdk.java.net/~weijun/8051408/webrev.10/spec > > http://cr.openjdk.java.net/~weijun/8051408/webrev.10/specdiff > > Some initial

Re: JGSS fails with KrbException: Message stream modified (41) on cross-realm intermediate/unexpected TGT

2016-04-19 Thread Wang Weijun
> On Apr 20, 2016, at 4:35 AM, Osipov, Michael > wrote: > >> >> It has not listed RFC 6806. > > Exactly, that's the RFC I am talking about. Thank you for bringing this up. > People once in a while ask for client referrals on Stack Overflow [3], I'd > rather see server referrals. Anyway, if you

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Xuelei Fan
On 4/19/2016 9:09 PM, Xuelei Fan wrote: > On 4/15/2016 9: >> http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ src/java.base/share/classes/sun/security/provider/AbstractDrbg.java === line 66-68: My understanding is that ... I wo

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Wang Weijun
> On Apr 20, 2016, at 11:34 AM, Xuelei Fan wrote: > > On 4/19/2016 9:09 PM, Xuelei Fan wrote: >> On 4/15/2016 9: >>> http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ > > src/java.base/share/classes/sun/security/provider/AbstractDrbg.java > =

Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

2016-04-19 Thread Xuelei Fan
On 4/20/2016 12:00 PM, Wang Weijun wrote: > >> On Apr 20, 2016, at 11:34 AM, Xuelei Fan wrote: >> >> On 4/19/2016 9:09 PM, Xuelei Fan wrote: >>> On 4/15/2016 9: http://cr.openjdk.java.net/~weijun/8051408/webrev.10/ >> >> src/java.base/share/classes/sun/security/provider/AbstractDrbg.java >>