Code review request, JDK-8168822, Document that algorithm restrictions do not apply to trusted certs

Xuelei Fan xuelei.fan at oracle.com
Thu Oct 27 00:04:02 UTC 2016


Hi,

Please review the simple fix:

     http://cr.openjdk.java.net/~xuelei/8168822/webrev/

Algorithm restrictions do not apply to trusted certs as the
application or customer has made the decision to trust the "trusted 
cert".  However, this point is not explicit for general developers and 
users.  We'd better to clarify this point explicitly.

In the update, I add a short note for each algorithm constraint security 
properties:

    Note: Algorithm restrictions do not apply to trusted certificates.

Doc only update, no new regression test.

Thanks,
Xuelei


More information about the security-dev mailing list