Request for phase 2 approval for CR 7099228 - Use a PKCS11 config attribute to control encoding of an EC point
edvard.wendelin at oracle.com
Thu Oct 13 11:35:56 PDT 2011
On 13 okt 2011, at 00.57, Vincent Ryan wrote:
> 7099228: Use a PKCS11 config attribute to control encoding of an EC
> The fix for CR 7054637 introduced a PKCS11 token attribute to
> control whether
> an EC point encoding is wrapped in an ASN.1 OCTET STRING or not.
> It has been reported that the numeric identifier chosen for that
> clashes with the numeric identifier already chosen by a vendor of
> tokens in one of their vendor extensions.
> To avoid this and any future namespace collisions from other token
> vendors a
> JCE provider attribute is used instead of a token attribute.
> Equivalent patch to the fix for JDK 8:
> Valerie Peng
> Sean Mullan
> This fix is required in order to avoid any unintended behaviour in
> security tokens due to a namespace collision in an extensible set of
> token attributes. One security token vendor has already been
> identified that
> will be impacted by this namespace collision.
> The fix corrects the problem before any other vendors are impacted.
> The fix
> is limited in scope, isolated and is low risk. Only classes in the
> JCE provider are affected by this fix.
> Testing is covered by the existing PKCS11 automated regression tests.
More information about the jdk7u-dev