2009/8/27 Vincent Ryan <vincent.r...@sun.com>: > Hello Andrew, > > Our original intention was to provide a Java implementation of ECC. > > However due to software patents already granted for ECC we were > constrained in what we could reasonably resource and openly discuss. > > In the end we opted to reuse the NSS code from OpenSolaris (which was > originally developed at Sun Labs and donated to OpenSSL and NSS). > > Although, on many non-Windows platforms, this does result in an existing > system library being replicated in the JDK perhaps that issue can be > solved in future by making use of modules. > > > > Andrew John Hughes wrote: >> With this changeset: >> >> http://hg.openjdk.java.net/jdk7/jdk7/jdk/rev/1ff7163fc5f7 >> >> the new ECC was added to OpenJDK. When I first read about this, I'd >> assumed we were getting a Java-based implementation. The final >> changeset seem to just be an inclusion of the NSS code into the >> OpenJDK codebase, which adds yet another case where a system library >> is replicated internally (the others being libjpeg, libpng, zlib, lcms >> and probably others I've missed). >> >> Is this correct? Were there local modifications to this code as well? >> >> As seems to be common practice with OpenJDK, this changeset just >> appeared with very little, if any, public discussion. >
Hi Vincent, Thanks for the explanation. That makes things clearer. I guess that's yet another reason for me to hate software patents :) I actually think that continuing with the NSS implementation may be the better course of action. It means that the same well-tested implementation (and one that has been FIPS certified) is being used rather than adding yet another. Fedora actually have an effort to make all their packages use NSS (http://fedoraproject.org/wiki/FedoraCryptoConsolidation) so this fits in well with that. The problem is more the fact that it's an additional copy rather than using the system installation, which means it has to be patched for bugs and security fixes separately. For IcedTea, I'll look at providing and using the option of using the system NSS and will also submit this for review here if there is interest in providing such an option. -- Andrew :-) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) Support Free Java! Contribute to GNU Classpath and the OpenJDK http://www.gnu.org/software/classpath http://openjdk.java.net PGP Key: 94EFD9D8 (http://subkeys.pgp.net) Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
