* Sean Mullan: > On 12/15/10 10:38 AM, Florian Weimer wrote: >> * Sean Mullan: >> >>> Please review the following list: >>> http://cr.openjdk.java.net/~mullan/5001004/review.00/StandardNames.html#impl >> >> "SHA-1" or "SHA1"? (Our code uses "SHA1" for some reason, perhaps for >> consistency with "HmacSHA1".) > > "SHA-1" is the standard name, but Oracle's implementation (and > probably most others) also accept "SHA1" as an alias.
Oh, and I just realized that MD5 and HmacMD5 are missing. These algorithms are still heavily used (and HmacMD5 is not really broken, it's only guilty by association). >> I think the TLSv1 cipher suite list is effectively much longer. >> Correct? > > Yes, but only TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is mandatory. See > section 9 of RFC 2246: http://www.ietf.org/rfc/rfc2246.txt I think it's prudent to require TLS_RSA_WITH_AES_128_CBC_SHA as well (which is mandatory per RFC 5246). And RFC 5746 support should be required, too (which includes TLS_EMPTY_RENEGOTIATION_INFO_SCSV). >> There should also be some sort of factory to obtain the predefined >> algorithms. Instantiation through the framework is quite slow. For >> message digests, we currently rely on cloning a prototype object of >> the appropriate digest. > > There aren't any plans to add something like this for JDK 7, but > perhaps we can consider it for JDK 8. If you could sketch out a few > more details of what you think the API would look like, that would > help. Basically, I'd like to have a class which provides reasonable default implementations for common mandatory algorithms, without having to go through SPIs etc. That is, a class which implements an interface like this: interface DefaultMessageDigests { MessageDigest newMD5(); MessageDigest newSHA1(); MessageDigest newSHA256(); } For other types of primitives, this may make less sense because they generally have tweakable parameters. -- Florian Weimer <[email protected]> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
