[security-dev 01138]: Re: 6840752: Provide out-of-the-box support for ECC algorithms
Andrew John Hughes
gnu_andrew at member.fsf.org
Fri Aug 28 07:17:31 PDT 2009
2009/8/28 Max (Weijun) Wang <Weijun.Wang at sun.com>:
> On Aug 28, 2009, at 9:56 AM, Andrew John Hughes wrote:
>> 2009/8/28 Max (Weijun) Wang <Weijun.Wang at sun.com>:
>>> On Aug 27, 2009, at 9:52 PM, Andrew John Hughes wrote:
>>>> The problem is more the fact that it's an additional copy rather than
>>>> using the system installation, which means it has to be patched for
>>>> bugs and security fixes separately. For IcedTea, I'll look at
>>>> providing and using the option of using the system NSS and will also
>>>> submit this for review here if there is interest in providing such an
>>> Since Java security is already provider based, I guess you can simply
>>> one provider named NSS and remove all other security.provider.<n> lines
>> Sounds like the JDK6 solution :)
> No, this is the real Java solution. :)
>> I think the simpler fix is to just provide an option for the calls to
>> the native code to use the system library rather than the included
>> copy (some of the new files appear to be verbatim copies of files from
>> NSS AFAICS). But I need to look at this in more detail.
> This only redirects native calls to your centralized ones, but JRE includes
> a lot of pure Java providers. If they are still listed in the java.security
> file, your so called "Fedora Crypto Consolidation" is not 100% complete.
It's not mine, and I was merely referencing that as to why using NSS
for ECC in the end was a good thing.
>> Andrew :-)
>> Free Java Software Engineer
>> Red Hat, Inc. (http://www.redhat.com)
>> Support Free Java!
>> Contribute to GNU Classpath and the OpenJDK
>> PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
>> Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the security-dev