> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
On Thu, 20 Feb 2025 20:31:40 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
On Thu, 20 Feb 2025 20:31:40 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
On Fri, 14 Feb 2025 21:13:45 GMT, Sean Mullan wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains four commits:
>>
>> - Merge JDK-8345139 into JDK-8315487
>>
>>This way, we are syncing with the dependen
On Wed, 12 Feb 2025 21:52:57 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
On Wed, 8 Jan 2025 16:50:01 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementation
On Thu, 19 Dec 2024 20:48:18 GMT, Martin Balao wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase.
>
> Added a non-goal to the JEP to indicate that secu
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
On Tue, 17 Dec 2024 17:57:02 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
On Tue, 17 Dec 2024 17:57:02 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
Nice! Thank you!
On Wed, Dec 18, 2024 at 5:57 AM Martin Balao wrote:
> On 12/18/24 05:25, Xuelei Fan wrote:> Hm, that would be nice if JIT
> could optimize it. Did you have a chance
> > to verify it?
> >
>
> Yes. For example, to verify we can do the following:
>
> 1) Debug Signature::getInst
On 12/18/24 05:25, Xuelei Fan wrote:> Hm, that would be nice if JIT
could optimize it. Did you have a chance
to verify it?
Yes. For example, to verify we can do the following:
1) Debug Signature::getInstance throughout the path that calls
Signature::getInstanceRSA and ProvidersFilter::isAl
On Tue, Dec 17, 2024 at 9:34 PM Martin Balao wrote:
> On Wed, Dec 18, 2024 at 1:39 AM Xuelei Fan wrote:
>
>> On Tue, Dec 17, 2024 at 6:45 PM Martin Balao wrote:
>>
>>> On Wed, 18 Dec 2024 00:35:38 GMT, Xue-Lei Andrew Fan
>>> wrote:
>>>
>>> > Not to mention the performance impact.
>>>
>>> I am
On Wed, Dec 18, 2024 at 1:39 AM Xuelei Fan wrote:
> On Tue, Dec 17, 2024 at 6:45 PM Martin Balao wrote:
>
>> On Wed, 18 Dec 2024 00:35:38 GMT, Xue-Lei Andrew Fan
>> wrote:
>>
>> > Not to mention the performance impact.
>>
>> I am not sure if you mean the performance impact of having to make sur
On Tue, Dec 17, 2024 at 8:26 PM Xuelei Fan wrote:
>
>
> > I have to disable this feature, and don’t allow any security property
>> setting, which is not easy to me once an editable property is introduced.
>>
>> No need for this, the filter is disabled by default. If you are so
>> concerned that y
>
>
> Hi @XueleiFan,
>
> > I did not see the benefit of the proposal yet, except the troublesome I
> have to handle with in practice.
>
> The benefit is the removal of the limitation described in the [section
> **What is the current limitation?** of the JBS enhancement issue](
> https://bugs.openjd
On Wed, 18 Dec 2024 00:35:38 GMT, Xue-Lei Andrew Fan wrote:
> Not to mention the performance impact.
I am not sure if you mean the performance impact of having to make sure that
the Filter is not set, or the performance impact of having the Filter disabled.
For the latter, there won't be any i
On Wed, 18 Dec 2024 00:35:38 GMT, Xue-Lei Andrew Fan wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains one additional
>> co
On Tue, 17 Dec 2024 17:57:02 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
Oh, your testing is checking service type Cipher which is Java SE service.
It is not the case we discussed in the context: non-Java SE service types.
Xuelei
On Tue, Dec 17, 2024 at 2:47 PM Martin Balao wrote:
> On Tue, 17 Dec 2024 22:13:09 GMT, Xue-Lei Andrew Fan
> wrote:
>
> > Sorry, I meant
On Tue, 17 Dec 2024 21:24:16 GMT, Xue-Lei Andrew Fan wrote:
> Then, please redefine the scope and purpose of this feature. It is just a
> part of the solution. Xuelei
I see it differently. It's a solution for the problem that we think it is worth
addressing from the JDK/JCA perspective. It's n
On Tue, 17 Dec 2024 22:13:09 GMT, Xue-Lei Andrew Fan wrote:
> Sorry, I meant BCFIPS provider as linked in the URL I provided. Which may not
> be able to use putService as it needs to support back to Java 1.5, IIRC.
> Xuelei
BCFIPS works too (tested on `bc-fips-2.0.0.jar`). In this case, the fi
On Tue, 17 Dec 2024 17:57:02 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
Let’s simplify the discussion. Just one question, is the filter able to
filter out FIPS unapproved crypto algorithms and parameters form a provide?
If the answer is yes, I will support this proposal and you take any
possible action to make it. If the answer is no, I will stop to discuss as
well a
On Tue, 17 Dec 2024 17:57:02 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
On Tue, 17 Dec 2024 02:50:21 GMT, Xue-Lei Andrew Fan wrote:
> I agree that this proposal cannot solve all situation. But can it address the
> situations that FIPS approval can be granted? Otherwise, this proposal might
> just look great but no one can use it.
@martinuy mostly answered your que
On Sun, 15 Dec 2024 07:18:02 GMT, Xue-Lei Andrew Fan wrote:
> > It's only the combination of a Provider that overrides
> > getService/getServices + does not call putService/put + overrides
> > newInstance without calling its parent + uses a non-Java SE service type
> > that would be unfiltered
On Fri, 6 Dec 2024 19:56:07 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementation
On Mon, 16 Dec 2024 20:41:04 GMT, Anthony Scarpino
wrote:
> > > It's only the combination of a Provider that overrides
> > > getService/getServices + does not call putService/put + overrides
> > > newInstance without calling its parent + uses a non-Java SE service type
> > > that would be unf
On Sun, 15 Dec 2024 09:15:10 GMT, Xue-Lei Andrew Fan wrote:
> > It's only the combination of a Provider that overrides
> > getService/getServices + does not call putService/put + overrides
> > newInstance without calling its parent + uses a non-Java SE service type
> > that would be unfiltered
On Sun, 15 Dec 2024 07:18:02 GMT, Xue-Lei Andrew Fan wrote:
> It's only the combination of a Provider that overrides getService/getServices
> + does not call putService/put + overrides newInstance without calling its
> parent + uses a non-Java SE service type that would be unfiltered.
FYI, Jav
On Fri, 13 Dec 2024 05:14:07 GMT, Xue-Lei Andrew Fan wrote:
> It's only the combination of a Provider that overrides getService/getServices
> + does not call putService/put + overrides newInstance without calling its
> parent + uses a non-Java SE service type that would be unfiltered.
FYI. I
On Thu, Dec 12, 2024 at 1:20 PM Sean Mullan wrote:
> Xuelei,
>
> What value does a pluggable provider API provide?
With a public API, it is not necessary any longer for OpenJDK to maintain a
filter syntax. If the filter syntax is supported, it will require JDK to
maintain and track the develop
So you are saying that the JEP (#15539) has to be integrated first, then
JDK-8345139? If that's the case, shouldn't the JBS block links be the
other way around?
--Sean
On 11/29/24 2:25 PM, Francisco Ferrari Bihurriet wrote:
Unlike [JDK-8345221](https://bugs.openjdk.org/browse/JDK-8345221 "Rep
On Thu, 12 Dec 2024 22:54:59 GMT, Martin Balao wrote:
>>> In rare situations, a third-party provider can override
>>> java.security.Provider.Service::newInstance and return an unvetted service
>>> implementation (SPI).
>>
>>
>> Well, there is a concern of mine. I don't agree the case is rare.
On Thu, 12 Dec 2024 20:53:17 GMT, Xue-Lei Andrew Fan wrote:
> > For third-party providers that override java.security.Provider::getService
> > or java.security.Provider::getServices to return services that have not
> > been evaluated against the filter or are evaluated and not allowed, a
> > s
Xuelei,
What value does a pluggable provider API provide? Why would I want
different implementations of an API that I want to use to disable SHA-1
for example? Why would I want to learn more than one way to configure
them? The details are always going to be in how the filter is
configured, so
On Mon, 2 Dec 2024 21:05:53 GMT, Martin Balao wrote:
> getService/getServices API overrides are supported since the initial PR.
> Please check the JEP and implementation, and let us know if you see any flaw.
I guess you refer to the following section in the JEP. Otherwise, please let
me know
-bcc core-libs-dev as I don't think future discussions of this topic
needs to include that group.
I have been catching up on these discussions now that we have reached
JDK 24 RDP.
Martin,
I would like to see some of this captured in the Alternatives section in
the JEP, particularly Xuelei's
On Thu, 5 Dec 2024 20:45:57 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementation
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
On Mon, 2 Dec 2024 00:37:45 GMT, Xue-Lei Andrew Fan wrote:
>> Martin Balao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Undo SunNativeProvider provider changes. They will be implemented in
>> JDK-8345221.
>
> Thank you for the respon
On Fri, 29 Nov 2024 14:28:27 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
On Sat, 30 Nov 2024 18:56:31 GMT, Xue-Lei Andrew Fan wrote:
>> Hi @XueleiFan,
>>
>> Is not a goal of this proposal to allow different filter implementations,
>> for this reason, there isn't a pluggable filter API design. The only
>> publicly API exposed by the filter is the `jdk.security.provi
On Fri, 29 Nov 2024 19:22:57 GMT, Francisco Ferrari Bihurriet
wrote:
> ... We agree that this pull request is too large to review ...
Thank you!
> ... Is not a goal of this proposal to allow different filter implementations
Got it. Thank you for the clarification. But, does it sound reason
On Mon, 4 Nov 2024 19:46:07 GMT, Xue-Lei Andrew Fan wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains eight commits:
>>
>> - Remove -Xdebug from commented-out debug command
>>
>>This is unnecessary, s
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
On Mon, 21 Oct 2024 18:30:50 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
On Fri, 6 Oct 2023 17:06:03 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementation
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
Hi Martin and Francisco,
Thank you for your work on proposing this feature. This is a significant change
to the JCA/JCE provider mechanism and consists of (roughly) over a thousand
lines of code changes. Based on that and after spending some time understanding
and reviewing the proposal, we fee
On Fri, 1 Sep 2023 15:13:46 GMT, Martin Balao wrote:
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of
In addition to the goals, scope, motivation, specification and requirement
notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
like to describe the most relevant decisions taken during the implementation of
this enhancement. These notes are organized by feature, may enc
70 matches
Mail list logo
