On Fri, 20 Jan 2023 22:03:29 GMT, Hai-May Chao <hc...@openjdk.org> wrote:

>> Please review the fix to address the problem in keytool -genseckey and 
>> -importpass.
>
> Hai-May Chao has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Update with Max's comment

Yeah, this is a little tricky. My feeling is that if you disable an algorithm 
like "RC2", it should cover all uses of it no matter what the keysize. If you 
only want to disable certain keysizes, then you should add a keysize 
constraint. We would need to make the parsing smarter so that "RC keysize <= 
40" covers RC_40 but not RC_128, etc.

Hmac is another good corner case. It would be nice if we could have exceptions, 
like "SHA512", "!HmacSHA512". But that's a little more involved, and requires 
some more thought as to whether that is a good idea.

-------------

PR: https://git.openjdk.org/jdk/pull/12056
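
The matching behaviour discussed in this message, as an added Java sketch (not part of the original message and not the JDK's own constraint code): a bare name covers every key size, a keysize constraint covers only the small variants, and a "!" entry is the exception idea floated above. The class name, rule grammar, and the treatment of HmacSHA512 as containing SHA512 are assumptions made for illustration; the rule sets are constructed samples.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical sketch of the proposed semantics; not the JDK's constraint checker.
public class ConstraintSketch {
    // One entry: "RC2", "RC2 keysize <= 40", or the proposed exception "!HmacSHA512".
    record Rule(String name, boolean exception, Integer maxKeySize) {
        static final Pattern SYNTAX =
                Pattern.compile("(!?)(\\w+)(?:\\s+keysize\\s*<=\\s*(\\d+))?");
        static Rule parse(String s) {
            Matcher m = SYNTAX.matcher(s.trim());
            if (!m.matches()) throw new IllegalArgumentException("bad rule: " + s);
            return new Rule(m.group(2), !m.group(1).isEmpty(),
                    m.group(3) == null ? null : Integer.valueOf(m.group(3)));
        }
    }
    static final Pattern SIZED = Pattern.compile("(\\w+?)_(\\d+)"); // e.g. RC2_40

    // Returns true if the algorithm name is still permitted under the rules.
    static boolean permits(List<String> rawRules, String algorithm) {
        List<Rule> rules = rawRules.stream().map(Rule::parse).toList();
        for (Rule r : rules)   // an exact-name exception wins over component matches
            if (r.exception() && r.name().equalsIgnoreCase(algorithm)) return true;
        for (String part : algorithm.split("(?i)(with|and|/)")) {
            Matcher m = SIZED.matcher(part);
            boolean sized = m.matches();
            String base = sized ? m.group(1) : part;
            Integer size = sized ? Integer.valueOf(m.group(2)) : null;
            // Assumption: HmacSHA512 is treated as containing SHA512.
            String inner = base.startsWith("Hmac") ? base.substring(4) : base;
            for (Rule r : rules) {
                if (r.exception()) continue;
                if (!r.name().equalsIgnoreCase(base) && !r.name().equalsIgnoreCase(inner)) continue;
                if (r.maxKeySize() == null) return false;                 // bare name: all key sizes
                if (size != null && size <= r.maxKeySize()) return false; // small keys only
            }
        }
        return true;
    }
    public static void main(String[] args) {
        String[][] cases = {   // constructed rule sets, checked against JCE algorithm names
            {"RC2", "PBEWithSHA1AndRC2_128"},
            {"RC2 keysize <= 40", "PBEWithSHA1AndRC2_40"},
            {"RC2 keysize <= 40", "PBEWithSHA1AndRC2_128"},
            {"SHA512", "HmacSHA512"},
            {"SHA512, !HmacSHA512", "HmacSHA512"},
        };
        for (String[] c : cases)
            System.out.printf("%-22s %-24s permitted=%b%n", c[0], c[1],
                    permits(List.of(c[0].split(",")), c[1]));
    }
}
```

A name with no embedded key size passes a keysize rule in this sketch, since the size would have to come from the actual key rather than the name.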
