Re: Why cannot overwrite a KeyEntry with a TrustCertEntry?

2013-04-12 Thread Bruce Rich
Although no one really remembers why, I suspect in a prehistoric world where you only had TrustedCertificateEntry and PrivateKeyEntry, you might allow an upgrade from TCE to PKE with the assumption that the certificate is the same and we are really just adding the private key. So in that scenari

Re: There should be a way to reorder the JSSE ciphers

2013-08-06 Thread Bruce Rich
Thinking out loud here... seems like we need to talk about impacts on both sides of the wire. On the client side, I don't think this can have any effect. According to the TLS RFC (link), the ClientHello includes the cipher_suites: This is a list of the cryptographic options supported by t

Re: Is there an algorithm that computes the strength of a digest alg?

2011-10-24 Thread Bruce Rich
For the algorithms that NIST recognizes and approves, the doc linked below has some strength comparisons in tables near page 60: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf Bruce A Rich brich at-sign us dot ibm dot com From: Bradford Wetmore

Re: Transitioning the default keystore format to PKCS#12

2012-11-01 Thread Bruce Rich
Max, There is already substantial usage of JCEKS to store secret keys. And that has been operational since Java 5. So I'm not sure what question you are asking. One might have asked whether the multi-format keystore would also accommodate JCEKS. If that was your question, I think it would in

Fw: Update #2: JEP 123: SecureRandom First Draft and Implementation.

2013-01-10 Thread Bruce Rich
+1 IBM already has SP800-90a/SHA256/HASH, SP800-90a/SHA384/HASH, and SP800-90a/SHA512/HASH in our provider, but without standardized names, they are not very useable for the Java community as a whole. Bruce A Rich brich at-sign us dot ibm dot com - Forwarded by Bruce Rich/Austin/IBM on 01