On Mon, 15 Jul 2024 13:39:27 GMT, Sean Coffey wrote:
>> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation
>> was introduced many years ago.
>>
>> Where "ssl" was previously a value to obtain all TLS debug traces (except
>> network type dumps, verbose data), it now pr
On Tue, 3 Sep 2024 22:03:41 GMT, Weijun Wang wrote:
>> The passage you cited is grammatically correct. Many values are converted to
>> one object.
>
> Are you sure? When one calls `addIKM(byte[])` multiple times, I can see in the
> code that each time a new `SecretKeySpec` object is added into t
On Fri, 30 Aug 2024 21:44:26 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line
>> 157:
>>
>>> 155: *
>>> 156: * This supports the use-case where a label can be applied to
>>> the IKM
>>> 157: * but the actual value
On Fri, 30 Aug 2024 21:44:44 GMT, Kevin Driver wrote:
>> This is not an API comment. This is implementation only.
>>
>> I just propose that if there exist one or more implementations for this
>> algorithm but none of them accepts the parameters then you should throw an
>> IAPE. This is what th
On Fri, 30 Aug 2024 16:33:39 GMT, Kevin Driver wrote:
>> I think the reference to `KDF#getParameters()` is meant to refer the reader
>> to the information there, rather than repeating it again here. Thoughts?
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/6b7a75da2ebb1cc9d
On Fri, 30 Aug 2024 23:26:12 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Tue, 3 Sep 2024 20:35:58 GMT, Kevin Driver wrote:
>> I see them. Plural noun does not match singular one at:
>>
>> Input keying material values added by {@link Builder#addIKM(byte[])}
>> * are converted to a {@code SecretKeySpec} object.
>> *
>>
>> Maybe "{@code SecretKeyS
On Tue, 3 Sep 2024 20:13:10 GMT, Valerie Peng wrote:
>> See:
>> https://github.com/openjdk/jdk/pull/20301/commits/25c17b26231b2b63bab9193fe29c7c258f96a31f
>
> It looks like `Arrays.copyOf()` is still called unconditionally?
After relocating the length enforcement to hkdfExpand, as suggested, I
On Tue, 3 Sep 2024 20:29:33 GMT, Weijun Wang wrote:
>> Addressed in
>> https://github.com/openjdk/jdk/pull/20301/commits/e4400b6edaf69d08726a63e2a705784c731648db.
>> Please confirm if resolved.
>
> I see them. Plural noun does not match singular one at:
>
> Input keying material values added b
On Fri, 30 Aug 2024 21:44:06 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line
>> 322:
>>
>>> 320: * Returns an unmodifiable {@code List} of input keying
>>> material values
>>> 321: * in the order they were added. Returns a
On Fri, 30 Aug 2024 23:13:04 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 121:
>>
>>> 119: private Iterator serviceIterator;
>>> 120:
>>> 121: private final Object lock;
>>
>> Why are you using an `Object` as a lock instead of something like
>> `R
On Fri, 30 Aug 2024 23:22:15 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 227:
>>
>>> 225:
>>> == null) ? null : salt.getEncoded());
>>> 226:
On Fri, 30 Aug 2024 23:21:57 GMT, Kevin Driver wrote:
>> Since the desired length is passed into `hkdfExpand()` method, why not make
>> `hkdfExpand()` return the output with the requested length?
>
> See:
> https://github.com/openjdk/jdk/pull/20301/commits/25c17b26231b2b63bab9193fe29c7c258f96a3
On Tue, 27 Aug 2024 17:18:29 GMT, Mark Powers wrote:
> Please review this change to distrust TLS server certificates issued after
> October 31, 2024 and anchored by Entrust Root CAs. This change is in line
> with similar plans recently announced by Google and Mozilla. TLS server
> certificates
On Tue, 3 Sep 2024 17:38:30 GMT, Rajan Halade wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> beware moving lines around
>
> test/jdk/sun/security/ssl/X509TrustManagerImpl/Entrust/Distrust.java line 113:
>
>> 111:
On Mon, 2 Sep 2024 21:47:25 GMT, Mark Powers wrote:
>> Please review this change to distrust TLS server certificates issued after
>> October 31, 2024 and anchored by Entrust Root CAs. This change is in line
>> with similar plans recently announced by Google and Mozilla. TLS server
>> certifica
On Mon, 2 Sep 2024 21:47:25 GMT, Mark Powers wrote:
>> Please review this change to distrust TLS server certificates issued after
>> October 31, 2024 and anchored by Entrust Root CAs. This change is in line
>> with similar plans recently announced by Google and Mozilla. TLS server
>> certifica
On Tue, 3 Sep 2024 17:41:24 GMT, Rajan Halade wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> beware moving lines around
>
> test/jdk/sun/security/ssl/X509TrustManagerImpl/Entrust/Distrust.java line 141:
>
>> 139:
On Mon, 2 Sep 2024 21:47:25 GMT, Mark Powers wrote:
>> Please review this change to distrust TLS server certificates issued after
>> October 31, 2024 and anchored by Entrust Root CAs. This change is in line
>> with similar plans recently announced by Google and Mozilla. TLS server
>> certifica
On Mon, 2 Sep 2024 21:47:25 GMT, Mark Powers wrote:
>> Please review this change to distrust TLS server certificates issued after
>> October 31, 2024 and anchored by Entrust Root CAs. This change is in line
>> with similar plans recently announced by Google and Mozilla. TLS server
>> certifica
On Tue, 27 Aug 2024 14:49:40 GMT, Fernando Guallini wrote:
> The test sun/security/validator/samedn.sh failed once due to the following
> reason:
>
> `Caused by: java.security.cert.CertificateNotYetValidException: NotBefore:
> Tue Aug 06 14:41:13 GMT 2024`
>
> This test generates several cer
> There are 3 manual GSS-API/Kerberos tests that require a manual setup and
> were added to the problem list years ago:
>
> - com/sun/security/sasl/gsskerb/**AuthOnly** -> Verifies that both client and
> server have completed the authentication process.
> - com/sun/security/sasl/gsskerb/**NoSecur
On Mon, 5 Aug 2024 10:46:32 GMT, Fernando Guallini wrote:
> There are 3 manual GSS-API/Kerberos tests that require a manual setup and
> were added to the problem list years ago:
>
> - com/sun/security/sasl/gsskerb/**AuthOnly** -> Verifies that both client and
> server have completed the authen
23 matches