Hello, how will the JCE Provider signing in Java 9 work? Are the jmod files signed (I dont see a signature in them in the Windows EA builds)?
On the BouncyCastle Crypto mailing list there has been a discussion that currently JCE code signing (of Jars) is done with a SHA1 chained 1024 bit DSA signature. https://www.bouncycastle.org/devmailarchive/msg14905.html Will that change to actually allow SHA-1 to be turned off? Does the JAR-path checking security attribute also apply to any (possible) JMOD signatures? Oracle's planned changes do not include as far as I can see any changes here. I dont mind much that JCE policy is enforced by an older algorithm, but it makes it impossible to globally turn off SHA1 and DSA (1024). Gruss Bernd
