On Sat, 15 Jan 2022 00:23:31 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Yes. I would like the security team to validate this.
>
> I suggest moving the `TlsChannelBinding` class into `java.base/sun.security.util` since it's not only used by LDAP anymore. It's even not restricted to GSS-API. According to https://www.rfc-editor.org/rfc/rfc5056, "Although inspired by and derived from the GSS-API, the notion of channel binding described herein is not at all limited to use by GSS-API applications".
>
> If so, you might need to modify the types of exceptions thrown in the class, and move the 2 final strings to some other class inside `java.security.sasl`.

Seems like `com.sun.jndi.ldap.sasl.TlsChannelBinding` is not misplaced....

-------------

PR: https://git.openjdk.java.net/jdk/pull/7065