[security-dev 00575]: Re: Code review request: 6780416: New keytool commands/options: -gencert, -printcertreq, -ext
Max (Weijun) Wang
Weijun.Wang at Sun.COM
Wed Feb 18 02:26:42 PST 2009
On Feb 18, 2009, at 6:17 PM, Xuelei Fan wrote:
> > If you find the webrev too long, you might only review a part of it.
> This class looks fine for me except that the SubjectInfoAccessSyntax
> is introduced from RFC3280, so I think it would be better change
> line 50 from RFC5280 to RFC3280.
It was introduced in a previous RFC, but I think if the definition is
not changed in a newer RFC, using the new RFC in the document is not a
This is the process I would choose regarding old and new spec:
If you're writing something new, always try to use the new spec, and
document it. For existing codes, if there's no enhancement in the new
spec, simply update the document link in the codes to point to the new
one. Otherwise, keep the old document link until the codes is updated
to reflect the new features, and then update the document link.
Does this sound rational?
> Max (Weijun) Wang wrote:
>> Hi All
>> Can you take a review of this RFE?
>> 6780416: New keytool commands/options: -gencert, -printcertreq, -ext
>> bug: http://bugs.sun.com/view_bug.do?bug_id=6780416
>> webrev: http://hgrev.appspot.com/show?id=3077
>> The spec of the 3 new commands/options is inside the evaluation
>> section of the bug report.
>> The fix is mainly on KeyTool.java, with changes in Resources.java
>> for l10n strings. Some X.509 files are changed to provide new
>> constructor, new constants etc. A new class
>> SubjectInfoAccessExtension.java is created for the extension. The
>> KeyToolTest.java regression test are updated to cover the new
>> If you find the webrev too long, you might only review a part of it.
More information about the security-dev