Thanks for the comments, there are only < 3 months left for this to be
implemented.
Besides just assigning the mech numbers, we need the underlying PKCS11
library (Solaris or NSS) to support SHA-3.
Once we have that, enhancing SunPKCS11 provider is fairly trivial and
can be done via an RFE.
I think it makes more sense to not include PKCS11 into this JEP unless
SHA-3 is already supported by the underlying PKCS11 library.
It's not like we won't support SHA-3 in SunPKCS11 provider ever, it's
just done at a later time, may be very soon but that depends on how fast
SHA-3 support will be added to the native PKCS11 library.
Regards,
Valerie
On 2/23/2016 3:57 PM, Michael StJohns wrote:
On 2/17/2016 7:49 PM, Valerie Peng wrote:
Please review this drafted JEP for adding SHA-3 Hash Algorithm
support to JDK 9:
https://bugs.openjdk.java.net/browse/JDK-8064399
Thanks,
Valerie
This looks pretty good. However, I wouldn't throw PKCS11 to the side
of the road.
https://wiki.oasis-open.org/pkcs11/Meetingminutes/Minutes13012016
suggests that PKCS11 will have the mechanism numbers probably before
you get this approved and implemented. If you ask, they may be
willing to assign the mechanism numbers prior to the release of the
document, and that's really all that's necessary.
Mike
