
List:       openjdk-security-dev
Subject:    Fwd: Re: RFR[8u41]: MR 3 - ALPN & RSASSA-PSS in Java SE 8
From:       Valerie Peng <valerie.peng () oracle ! com>
Date:       2019-11-18 22:41:41
Message-ID: 25e2eb41-0a3a-f0c9-64f4-1e8b64dedd18 () oracle ! com

Should reply to all, here it is...

-------- Forwarded Message --------
Subject: 	Re: RFR[8u41]: MR 3 - ALPN & RSASSA-PSS in Java SE 8
Date: 	Mon, 18 Nov 2019 13:18:37 -0800
From: 	Valerie Peng <valerie.peng@oracle.com>
Organization: 	Oracle Corporation
To: 	jdk8u-dev@openjdk.java.net



Hi Brad,

Most changes look good. Just a nit and a question (please see below):

- src/share/classes/java/security/Signature.java: line 596 has @since 13
- As a side effect of this, I noticed that the default key size for RSA is
bumped up from 1024 to 2048 (see sun/security/util/SecurityProviderConstants.java
and src/share/classes/sun/security/rsa/RSAKeyPairGenerator.java). I wonder if
we may need to adjust the value in SecurityProviderConstants.java back to 1024
for RSA and maybe use 2048 for RSASSA-PSS? Or, maybe can we bump RSA default
to 2048 as well?

Thanks,
Valerie

On 11/13/2019 6:05 PM, Bradford Wetmore wrote:
> Xuelei/Valerie (+ any other codereviewers),
>
> As announced on jdk8u-dev[1], there is a Maintenance Release in 
> progress for Java SE 8 (i.e. JSR 337) [2] to include two security 
> features important for TLS 1.3:
>
> 1.  Application-Layer Protocol Negotiation (ALPN) [3][4]
> 2.  RSA Signature Scheme with Appendix: Probabilistic Signature Scheme 
> (RSASSA-PSS) [5][6]
>
> The Enhancement and CSR IDs are footnoted above/below.
>
> To ensure compatibility across the active Java releases, we are 
> backporting the APIs introduced in Java SE 9 and 11 respectively to 
> Java SE 8.
>
> This email is a Request For Review (RFR) of the two major pieces for 
> this MR:
>
> 1.  ALPN:
> http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u41/open/ALPN
>
> 2.  RSASSA-PSS:
> http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u41/open/PSS
>
> This includes the updates to the Specification and Reference 
> Implementation (RI), which will be called JDK 8u41 [7].
>
> Almost all of these changes are direct copies of the changesets 
> applied in JDK 9+.
>
> In addition to these features:
>
> 1.  The file ADDITIONAL_LICENSE_INFO was added, which is identical to 
> the same file in later releases.
>
> 2.  Truncated MessageDigests (i.e. SHA-512/224, SHA-512/256) were 
> added to the SUN Provider to support the corresponding truncated 
> RSASSA-PSS Signatures.
>
> Thanks,
>
> Brad
>
> [1] 
> https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-November/010573.html
> [2] https://www.jcp.org/en/jsr/detail?id=337
> [3] https://bugs.openjdk.java.net/browse/JDK-8230977
> [4] https://bugs.openjdk.java.net/browse/JDK-8233417
> [5] https://bugs.openjdk.java.net/browse/JDK-8230978
> [6] https://bugs.openjdk.java.net/browse/JDK-8233418
> [7] http://hg.openjdk.java.net/jdk8u/jdk8u41/
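
The review question above turns on what key size a caller gets when it never calls initialize(). The following is an added example, not code from the webrev or from either author: it reports the modulus length the running JDK picks by default for "RSA" and "RSASSA-PSS", then pins the size and the PSS parameters explicitly. The class name, the 2048-bit floor and the sample message are assumptions made for illustration, and the signing half assumes a runtime that provides the RSASSA-PSS Signature algorithm.

```java
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class RsaDefaultsCheck {                 // hypothetical class name
    static final int MIN_BITS = 2048;           // assumed policy floor for this example

    // Modulus length the provider picks when initialize() is never called.
    static int defaultBits(String alg) throws GeneralSecurityException {
        KeyPair kp = KeyPairGenerator.getInstance(alg).generateKeyPair();
        return ((RSAPublicKey) kp.getPublic()).getModulus().bitLength();
    }

    public static void main(String[] args) throws Exception {
        for (String alg : new String[] {"RSA", "RSASSA-PSS"}) {
            try {
                int bits = defaultBits(alg);
                System.out.println(alg + " default: " + bits + " bits"
                        + (bits < MIN_BITS ? "  <-- below policy floor" : ""));
            } catch (NoSuchAlgorithmException e) {
                System.out.println(alg + ": key pair generator not available");
            }
        }

        // Pin the size instead of inheriting whatever the provider defaults to.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(MIN_BITS);
        KeyPair kp = kpg.generateKeyPair();

        // Set the PSS parameters explicitly: SHA-256, MGF1 with SHA-256,
        // 32-byte salt, trailer field 1.
        PSSParameterSpec pss = new PSSParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
        byte[] msg = "constructed sample message".getBytes("UTF-8");

        Signature signer = Signature.getInstance("RSASSA-PSS");
        signer.setParameter(pss);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("RSASSA-PSS");
        verifier.setParameter(pss);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println("PSS verify: " + verifier.verify(sig));
    }
}
```

Running it on each JDK build in a fleet shows which ones would hand out a key below the floor to code that relies on the default.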



