On Tue, 14 Mar 2023 21:58:46 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
>> May I get a chance to review it before the integration? I may need more >> time to dig into time-constant issue. > >> May I get a chance to review it before the integration? I may need more time >> to dig into time-constant issue. > > If I read the Bleichenbacher's > Attack[[1]](https://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf)[[2]](https://medium.com/@c0D3M/bleichenbacher-attack-explained-bc630f88ff25)[[3]](https://asecuritysite.com/encryption/c_c3) > right, the attack works if it can tell the difference between good > conditions and error conditions. RFC 8017 says "distinguish the different > error conditions", but it may be parsed differently for various context. > Please be careful about this update. > > Thank you for giving me more time to look into the details. @XueleiFan are you still looking into the details of this change? ------------- PR Comment: https://git.openjdk.org/jdk/pull/12732#issuecomment-1479856354
