> On Mar 13, 2018, at 11:54 PM, Xuelei Fan <xuelei....@oracle.com> wrote: > > On 3/13/2018 1:06 AM, Weijun Wang wrote: >>> On Mar 12, 2018, at 10:41 PM, Sean Mullan <sean.mul...@oracle.com> wrote: >>> >>> I would tend to think that we should only specify (or guarantee) that >>> standard names are checked and used in the disabled algorithm properties. >> But this means first we must only set standard names in the properties. What >> if someone sets a non-standard one? Do we just accept it as a raw string and >> only reject an algorithm if it is also using the non-standard name? > Where does the non-standard name come from?
The setting inside java.security. I know we use standard names now, but customer can change it. > Maybe, before calling into the crypto constraints methods, the name can be > standardized. We will need a table, not based on aliases in any provider. --Max > > Xuelei