Replies inline below. I've removed the items I agree with for simplicity. > On May 30, 2020, at 3:32 AM, Sean Mullan <sean.mul...@oracle.com> wrote: > > On 5/23/20 4:21 AM, Weijun Wang wrote: >> CSR updated at https://bugs.openjdk.java.net/browse/JDK-8245274 with the >> full patch on docs. > > - Comments on the Specification section: > > Some of this wording where you discuss what is going to be done in jarsigner > and the tool doc seems more like it belongs in the Solution section, but it > may be ok either way (not sure, I guess Joe will let you know if it is an > issue). > > +RSASSA-PSS \<= 3072 RSASSA-PSS using SHA-256 > + \<= 7680 RSASSA-PSS using SHA-384 > + \> 7680 RSASSA-PSS using SHA-512 > > It might be better to be more specific, for example "RSASSA-PSS with the > SHA-256 message digest algorithm" I used the term "with" as that is the word > we use in the standard signature algorithm strings.
Can I simply say "RSASSA-PSS with SHA-256"? Otherwise the text is much longer than the other rows. That said, we have enough width and no need to wrap. Also, we used to say HASHwithENC, but here it's "ENC with HASH". Hopefully this will not make people laugh. > > > +for keysize \<= 3072 bits, use a `PSSParameterSpec` with SHA-256 as the hash > > s/use a `PSSParameterSpec`/a `PSSParameterSpec` will be used/ > > +and MGF1 algorithms; for keysize \<= 7680 bits, use SHA-384; for > +keysize \>= 7680 bits, use SHA-512. > > s/use SHA-384/SHA-384 will be used/ > s/use SHA-512/SHA-512 will be used/ My original text is Precisely, for keysize \<= 3072 bits, use a `PSSParameterSpec` with SHA-256 as the hash and MGF1 algorithms; for keysize \<= 7680 bits, use SHA-384; for keysize \>= 7680 bits, use SHA-512. So the object of "use" here is the PSSParameterSpec. If I change it to passive voice, it will be a `PSSParameterSpec` with SHA-256 as the hash and MGF1 algorithms will be used, and `PSSParameterSpec` (instead of SHA-256) will be the noun. The "SHA-384 will be used" in the next sentence might not be 100% grammatically correct in this sense but I think it's OK and nobody will misunderstand it. (In fact, there is the same problem in my original text). Thanks, Max p.s. This is probably the only RFE I can add into jdk15 before rdp1 now. The strong p12 algorithms and new CACERTS keystore type won't be ready. I do have several bug fixes that can wait till rdp2. > > --Sean >
