You deleted DES but not DESede. Was that intentional? Sent from my iPad
> On Nov 7, 2019, at 17:12, Sean Mullan <sean.mul...@oracle.com> wrote: > > Ok, I have put back the Cipher algorithms with ECB mode that I had > previously removed (except for DES/ECB which is still removed). > > Updated webrev: https://cr.openjdk.java.net/~mullan/webrevs/8214483/webrev.01/ > > --Sean > >> On 11/6/19 5:43 PM, Michael StJohns wrote: >>> On 11/6/2019 11:27 AM, Sean Mullan wrote: >>> Please remove this change to remove the Java SE requirements to implement >>> security algorithms based on DES, MD5, or ECB. It makes sense to >>> periodically review these requirements and remove algorithms or modes that >>> are known to be weak and of which usage has declined significantly and thus >>> compatibility risk is much lower. >>> >>> Note that we are not removing the actual implementations of these >>> algorithms from the JDK. This just means that an SE implementation is not >>> required to support these algorithms. >>> >>> webrev: https://cr.openjdk.java.net/~mullan/webrevs/8214483/webrev.00/ >>> CSR: https://bugs.openjdk.java.net/browse/JDK-8233607 >>> >>> Thanks, >>> Sean >>> >> I don't have a problem with removing DES or MD5 from the must-implement >> list, but ECB is a fundamental building block mode. It's going to be how >> you implement a new mode before there's specific support for that mode. >> Pretty much any mode can be implemented using ECB as its only real crypto >> operation. E.g. CBC, CTR, CCM, GCM, CFB, OFB etc are all wrapped around >> ECB in some form. Please continue to require that it be implemented. >> Policy MAY restrict the use of the mode for a given key, but that's a >> provider issue. >> Mike
