Re: RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v4]

2021-04-07 Thread Hai-May Chao
On Fri, 2 Apr 2021 11:52:16 GMT, Weijun Wang wrote: >>> Maybe we don't need to resolve it in this code change. If we look carefully >>> at RFC 8410 Sections 10.1 and 10.2, it shows the X25519 certificate in 10.2 >>> is using the signer's SKID in 10.1 as its own SKID and it has no AKID. >>>

Re: RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v4]

2021-04-07 Thread Hai-May Chao
On Fri, 2 Apr 2021 01:40:16 GMT, Weijun Wang wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> update with review comments > > src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1978: > >> 1976:

Re: RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v4]

2021-04-02 Thread Weijun Wang
On Fri, 2 Apr 2021 04:03:50 GMT, Xue-Lei Andrew Fan wrote: >> Maybe we don't need to resolve it in this code change. If we look carefully >> at RFC 8410 Sections 10.1 and 10.2, it shows the X25519 certificate in 10.2 >> is using the signer's SKID in 10.1 as its own SKID and it has no AKID. >>

Re: RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v4]

2021-04-01 Thread Xue-Lei Andrew Fan
On Fri, 2 Apr 2021 01:56:15 GMT, Weijun Wang wrote: > Maybe we don't need to resolve it in this code change. If we look carefully > at RFC 8410 Sections 10.1 and 10.2, it shows the X25519 certificate in 10.2 > is using the signer's SKID in 10.1 as its own SKID and it has no AKID. > Currently,

Re: RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v4]

2021-04-01 Thread Weijun Wang
On Fri, 2 Apr 2021 01:56:15 GMT, Weijun Wang wrote: >> Only a few minor comments. Approved. > > Maybe we don't need to resolve it in this code change. If we look carefully > at RFC 8410 Sections 10.1 and 10.2, it shows the X25519 certificate in 10.2 > is using the signer's SKID in 10.1 as its

Re: RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v4]

2021-04-01 Thread Weijun Wang
On Fri, 2 Apr 2021 01:44:03 GMT, Weijun Wang wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> update with review comments > > Only a few minor comments. Approved. Maybe we don't need to resolve it in this code

Re: RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v4]

2021-04-01 Thread Weijun Wang
On Thu, 1 Apr 2021 23:36:04 GMT, Hai-May Chao wrote: >> Please review the changes that adds the -signer option to keytool >> -genkeypair command. As key agreement algorithms do not have a signing >> algorithm, the specified signer's private key will be used to sign and >> generate a key

Re: RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v4]

2021-04-01 Thread Hai-May Chao
> Please review the changes that adds the -signer option to keytool -genkeypair > command. As key agreement algorithms do not have a signing algorithm, the > specified signer's private key will be used to sign and generate a key > agreement certificate. > CSR review is at: