Re: DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Anthony Scarpino
For one, it makes the user specify what they want, perhaps learning about certificates and making an educated choice. Secondly, and more importantly, it would not make it our decision what is a default secure algorithm for all of java. Tony On 10/10/2018 06:33 PM, Weijun Wang wrote: I do

Re: DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Weijun Wang
I don't know what benefit it brings to a user to remove the default. Except for forcing DSA users to add a -keyalg option, RSA and EC users will not gain anything. --Max > On Oct 11, 2018, at 5:05 AM, Anthony Scarpino > wrote: > > On 10/10/2018 07:42 AM, Weijun Wang wrote: >>> On Oct 10, 20

Re: DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Bernd Eckenfels
It might not apply to this specific default but in the past DSA was often chosen (over RSA) as a default as it was regarded as less suspicious to be understood as an encryption-capable algorithm (as opposed to RSA). But of course that thinking was never correct and the justification for interp

Re: DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Anthony Scarpino
On 10/10/2018 07:42 AM, Weijun Wang wrote: On Oct 10, 2018, at 7:59 PM, Sean Mullan wrote: There is really no other reason other than DSA keys have been the default keypairs generated by keytool for a long time, so there are some compatibility issues we would have to think through before c

Re: DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Michael StJohns
On 10/10/2018 10:42 AM, Weijun Wang wrote: On Oct 10, 2018, at 7:59 PM, Sean Mullan wrote: There is really no other reason other than DSA keys have been the default keypairs generated by keytool for a long time, so there are some compatibility issues we would have to think through before ch

Re: RFR 8076190: Customizing the generation of a PKCS12 keystore

2018-10-10 Thread Martin Buchholz
On Wed, Oct 10, 2018 at 3:10 AM, Weijun Wang wrote: > > > > On Oct 10, 2018, at 1:07 AM, Martin Buchholz > wrote: > > > > Seems alright to this non-crypto expert. > > > > The key thing I would like to see working is: > > > > If I create a keystore for cacerts and then use it via > -with-cacerts-

Re: RFR [12]: 8211878: Bad/broken links in docs/api/java.xml.crypto/javax/xml/crypto/dsig/Reference.html

2018-10-10 Thread Jonathan Gibbons
Looks good to me. -- Jon On 10/10/18 9:33 AM, Sean Mullan wrote: Please review this trivial fix to correct a couple of broken hyperlinks: diff --git a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/Reference.java b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/Reference.j

RFR [12]: 8211878: Bad/broken links in docs/api/java.xml.crypto/javax/xml/crypto/dsig/Reference.html

2018-10-10 Thread Sean Mullan
Please review this trivial fix to correct a couple of broken hyperlinks: diff --git a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/Reference.java b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/Reference.java --- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/Re

Re: RFR: 8209862:CipherCore performance improvement

2018-10-10 Thread Seán Coffey
Thanks for the review Adam. I've corrected those style issues. Now waiting on 2nd Reviewer. Regards, Sean. On 08/10/18 19:18, Adam Petcher wrote: The organization is better now, thanks. The code looks good to me, but I would like to request another review from Tony (or someone else who is f

Re: DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Weijun Wang
> On Oct 10, 2018, at 7:59 PM, Sean Mullan wrote: > > There is really no other reason other than DSA keys have been the default > keypairs generated by keytool for a long time, so there are some > compatibility issues we would have to think through before changing it to > another algorithm

Re: RFR 8211969: test/jdk/lib/security/CheckBlacklistedCerts.java searching for wrong paths

2018-10-10 Thread Sean Mullan
Looks good to me. --Sean On 10/9/18 8:21 PM, Weijun Wang wrote: Please review the fix at http://cr.openjdk.java.net/~weijun/8211969/webrev.00/ The wrong path was never noticed because we ignore missing files. Now that we only look for the open one and it should always be there, we will n

Re: DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Severin Gehwolf
Hi Sean, On Wed, 2018-10-10 at 07:59 -0400, Sean Mullan wrote: > On 10/10/18 6:23 AM, Severin Gehwolf wrote: > > Hi, > > > > What is the rationale of using DSA keys (2048 bit) as default for > > genkeypair command? > > http://hg.openjdk.java.net/jdk/jdk/file/c4a39588a075/src/java.base/share/class

Re: JGSS Enhancements (contribution by Two Sigma Open Source)

2018-10-10 Thread Sean Mullan
On 10/10/18 8:06 AM, Alan Bateman wrote: On 09/10/2018 21:55, Nico Williams wrote: On Tue, Oct 09, 2018 at 04:31:07PM -0400, Sean Mullan wrote: On 10/9/18 4:04 PM, Nico Williams wrote: In order to file a bug or post a patch, you need to be an author first. Read here: http://openjdk.java.net/p

Re: JGSS Enhancements (contribution by Two Sigma Open Source)

2018-10-10 Thread Alan Bateman
On 09/10/2018 21:55, Nico Williams wrote: On Tue, Oct 09, 2018 at 04:31:07PM -0400, Sean Mullan wrote: On 10/9/18 4:04 PM, Nico Williams wrote: In order to file a bug or post a patch, you need to be an author first. Read here: http://openjdk.java.net/projects/#project-author. So it seems I n

Re: DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Sean Mullan
On 10/10/18 6:23 AM, Severin Gehwolf wrote: Hi, What is the rationale of using DSA keys (2048 bit) as default for genkeypair command? http://hg.openjdk.java.net/jdk/jdk/file/c4a39588a075/src/java.base/share/classes/sun/security/tools/keytool/Main.java#l1120 There is really no other reason othe

DSA default algorithm for keytool -genkeypair. Bad choice?

2018-10-10 Thread Severin Gehwolf
Hi, What is the rationale of using DSA keys (2048 bit) as default for genkeypair command? http://hg.openjdk.java.net/jdk/jdk/file/c4a39588a075/src/java.base/share/classes/sun/security/tools/keytool/Main.java#l1120 It seems a bad choice given that DSA keys are disabled via Fedora's crypto policy (
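The practical consequence of this thread, and of the remark above that the only cost of dropping the default is that DSA users must add -keyalg, is that a keystore built by relying on the keytool default may contain DSA keys that a policy like Fedora's will reject. The script below is an added example, not code from the thread or from the JDK: it audits the output of keytool -list -v for DSA-keyed entries and wraps -genkeypair so that -keyalg is always passed explicitly. It assumes the "Alias name:", "Signature algorithm name:" and "Subject Public Key Algorithm:" labels that keytool -list -v prints (the last one only in newer releases, so the parser falls back to the signature algorithm, which equals the key algorithm only for self-signed certificates); the sample listing is constructed, and the -groupname option is assumed to exist in the keytool in use (older ones take -keysize 256 for EC instead).

```shell
#!/bin/sh
# Added example: audit a keystore for DSA keys and generate new key pairs
# with an explicit algorithm instead of keytool's DSA default.

# Read `keytool -list -v` output on stdin and print, one per line, the
# aliases whose key is DSA. Prefers the "Subject Public Key Algorithm:"
# line (newer keytool); if absent, falls back to the first
# "Signature algorithm name:" line, which reflects the entry's own key
# only when the certificate is self-signed (as keytool -genkeypair makes).
dsa_aliases() {
    awk '
        function flush(   k) {
            k = (spk != "") ? spk : sig
            if (alias != "" && k ~ /DSA/) print alias
        }
        /^Alias name:/ {
            flush()
            alias = $0; sub(/^Alias name: */, "", alias)
            spk = ""; sig = ""
        }
        /^Subject Public Key Algorithm:/ && spk == "" { spk = $0 }
        /^Signature algorithm name:/     && sig == "" { sig = $0 }
        END { flush() }
    '
}

# Run the audit against a real keystore (needs keytool on PATH).
# Usage: audit_keystore <keystore> <storepass>
audit_keystore() {
    keytool -list -v -keystore "$1" -storepass "$2" | dsa_aliases
}

# Generate a key pair, always naming the algorithm; "rsa" or "ec" only.
# Usage: gen_keypair <keystore> <storepass> <alias> rsa|ec
gen_keypair() {
    case "$4" in
        rsa) alg_opts="-keyalg RSA -keysize 3072 -sigalg SHA256withRSA" ;;
        # -groupname is assumed to be supported by this keytool (assumption).
        ec)  alg_opts="-keyalg EC -groupname secp256r1 -sigalg SHA256withECDSA" ;;
        *)   echo "gen_keypair: algorithm must be rsa or ec, got '$4'" >&2; return 2 ;;
    esac
    keytool -genkeypair -keystore "$1" -storepass "$2" -alias "$3" \
        -dname "CN=$3" -validity 365 $alg_opts
}

# Constructed sample of `keytool -list -v` output (not captured from a
# real keystore): one entry created with the DSA default, one with RSA.
SAMPLE='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: legacy
Creation date: Oct 10, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=legacy
Issuer: CN=legacy
Signature algorithm name: SHA256withDSA
Subject Public Key Algorithm: 2048-bit DSA key
Version: 3

*******************************************

Alias name: current
Creation date: Oct 10, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=current
Issuer: CN=current
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 3072-bit RSA key
Version: 3'

# Demo on the constructed sample; prints "legacy".
printf '%s\n' "$SAMPLE" | dsa_aliases
```

To audit a real keystore, run `audit_keystore keystore.p12 "$STOREPASS"`; any alias printed should be regenerated with `gen_keypair keystore.p12 "$STOREPASS" <alias> rsa` or `... ec`, then re-issued or re-distributed as the deployment requires.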

Re: RFR 8076190: Customizing the generation of a PKCS12 keystore

2018-10-10 Thread Weijun Wang
> On Oct 10, 2018, at 1:07 AM, Martin Buchholz wrote: > > Seems alright to this non-crypto expert. > > The key thing I would like to see working is: > > If I create a keystore for cacerts and then use it via -with-cacerts-file > taking the defaults, this results in goodness (which presumabl