On 7/16/2014 4:41 PM, Wang Weijun wrote: > Hi Xuelei > > A *primitive* version of webrev available at > > http://cr.openjdk.java.net/~weijun/8038089/webrev.00 > > Please confirm this is the way you like it. > I have not read too much about the details of the update. But looks like it is in the right way.
> ExternalCipherSuite is the service interface and Krb5CipherSuite implements > it. It's a modification of the old Krb5Proxy but I've moved as many as > Kerberos-related codes to the implementation side so it has less methods now. > > Most likely we will define this new interface in a public package. > If krb5 is the only external implementation of TLS cipher suites, I think, we may want to try the best not to define public interface if possible. Thanks, Xuelei > I didn't touch any core SSL classes except for ClientHandshaker and > ServerHandShaker. If you think there are other places too closely connected > with kerberos, please let me know. > > Ideally, those > > case K_KRB5: case K_KRB5_EXPORT: > Krb5Helper.doXXX(...): > > should be something like > > default: > getExternalHelper(keyExchange).doXXX(...) > > but I guess we won't do that unless we know there will be a second > implementation. > > Thanks > Max > > > > > >
