Fwd: Re: RFR[8u41]: MR 3 - ALPN & RSASSA-PSS in Java SE 8

Mon, 18 Nov 2019 14:44:56 -0800 


Should reply to all, here it is...

-------- Forwarded Message --------
Subject:        Re: RFR[8u41]: MR 3 - ALPN & RSASSA-PSS in Java SE 8
Date:   Mon, 18 Nov 2019 13:18:37 -0800
From:   Valerie Peng <valerie.p...@oracle.com>
Organization:   Oracle Corporation
To:     jdk8u-...@openjdk.java.net



Hi Brad,

Most changes look good. Just a nit and a question (please see below):

- src/share/classes/java/security/Signature.java: line 596 has @since 13
- As a side effect of this, I noticed that the default key size for RSA is
bumped up from 1024 to 2048 (see 
sun/security/util/SecurityProviderConstants.java
and src/share/classes/sun/security/rsa/RSAKeyPairGenerator.java). I wonder if
we may need to adjust the value in SecurityProviderConstrants.java back to 1024
for RSA and maybe use 2048 for RSASSA-PSS? Or, maybe can we bump RSA default
to 2048 as well?

Thanks,
Valerie

On 11/13/2019 6:05 PM, Bradford Wetmore wrote:

Xuelei/Valerie (+ any other codereviewers),
As announced on jdk8u-dev[1], there is a Maintenance Release in progress for Java SE 8 (i.e. JSR 337) [2] to include two security features important for TLS 1.3: 

1.  Application-Layer Protocol Negotiation (ALPN) [3][4]
2.  RSA Signature Scheme with Appendix: Probabilistic Signature Scheme (RSASSA-PSS) [5][6] 

The Enhancement and CSR IDs are footnoted above/below.
To ensure compatibility across the active Java releases, we are backporting the APIs introduced in Java SE 9 and 11 respectively to Java SE 8.
This email is a Request For Review (RFR) of the two major pieces for this MR: 

1.  ALPN:
http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u41/open/ALPN

2.  RSASSA-PSS:
http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u41/open/PSS
This includes the updates to the Specification and Reference Implementation (RI), which will be called JDK 8u41 [7].
Almost all of these changes are direct copies of the changesets applied in JDK 9+. 

In addition to these features:
1.  The file ADDITIONAL_LICENSE_INFO was added, which is identical to the same file in later releases.
2.  Truncated MessageDigests (i.e. SHA-512/224, SHA-512/256) were added to the SUN Provider to support the corresponding truncated RSASSA-PSS Signatures. 

Thanks,

Brad
[1] https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-November/010573.html 
[2] https://www.jcp.org/en/jsr/detail?id=337
[3] https://bugs.openjdk.java.net/browse/JDK-8230977
[4] https://bugs.openjdk.java.net/browse/JDK-8233417
[5] https://bugs.openjdk.java.net/browse/JDK-8230978
[6] https://bugs.openjdk.java.net/browse/JDK-8233418
[7] http://hg.openjdk.java.net/jdk8u/jdk8u41/

Reply via email to