On 9/25/2018 8:34 AM, Adam Petcher wrote:
> On 9/25/2018 11:15 AM, Xuelei Fan wrote:
>> I did not follow the discussion. But it does not sound right to me to
>> have an application to be provider dependent (#3).
>
> There will be nothing provider-dependent in the TLS implementation. The
> point of #3 is to say that we should test the TLS implementation to
> ensure that it will work with either "EC" provider. The only required
> changes to TLS code will be using PKCS8 private keys instead of
> BigInteger private keys.

I read it as there is no need to change TLS implementation, right? The
change from BigInteger private keys to PKCS8 private keys is for test
only, right? What if we don't change test code as well? Can an
existing application survive if it uses BigInteger private keys (okay, I
this is an interop question)?

>> I was not confident that a new provider instead of updating the
>> existing provider is a good idea. It might be a significant effort to
>> update the existing provider. However, if we don't do that, the cost to
>> use the new provider is not minimal.
>>
>> As we discussed previously, lacking interop could face significant
>> issues and result in complicated coding in practice. Thinking about
>> SunPKCS11 and SunMSCAPI provider, and how much trouble we have had for
>> them, and how many workarounds we have patched for them.
>>
>> Unless it is not possible to have an interop-able implementation, I
>> would suggest taking more time to have an interop-able design and impl.
>> Is it possible to have an interop-able impl? If it is possible, how
>> much effort will it take?
>
> Yes, it is possible, at the expense of some assurance related to
> security against side-channel attacks.

We may not want to have an impl exposed to side-channel attacks.

Okay, let me ask the question in another way. Is it possible to have an
interop-able impl without losing the quality of the new formula
(side-channel attacks, etc)? How much effort will it take to make it
possible (please consider even if we have to update the BigInteger APIs as
well)?

Sorry for so many questions, I did not take enough time for the new
formula. So I depend on the questions to you so that I can have a
better feel of the design.

Thanks,
Xuelei

> This interoperable implementation
> will be available by default in SunEC. A higher-assurance form of the
> same implementation will be available in the new provider. The
> additional effort required to put this implementation in both providers
> is expected to be relatively small.
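
The difference between "PKCS8 private keys" and "BigInteger private keys" that the thread turns on, as an added example that is not part of the original messages and not JDK code. It assumes a hypothetical `EncodedOnlyKey` class standing in for a provider key that exposes only its PKCS#8 encoding; the thread does not describe the new provider's key classes, and `EcKeyInterop` and the method names are likewise made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.*;
public class EcKeyInterop {
    // Hypothetical stand-in (an assumption, not a real provider class): a private
    // key that offers its PKCS#8 encoding but does not implement ECPrivateKey.
    static final class EncodedOnlyKey implements PrivateKey {
        private final byte[] pkcs8;
        EncodedOnlyKey(byte[] pkcs8) { this.pkcs8 = pkcs8.clone(); }
        @Override public String getAlgorithm() { return "EC"; }
        @Override public String getFormat() { return "PKCS#8"; }
        @Override public byte[] getEncoded() { return pkcs8.clone(); }
    }

    // Provider-dependent: needs the scalar as a BigInteger via ECPrivateKey.getS().
    static PrivateKey importViaBigInteger(PrivateKey key) throws GeneralSecurityException {
        if (!(key instanceof ECPrivateKey)) {
            throw new InvalidKeyException("key does not expose its scalar as a BigInteger");
        }
        ECPrivateKey ec = (ECPrivateKey) key;
        return KeyFactory.getInstance("EC")
                .generatePrivate(new ECPrivateKeySpec(ec.getS(), ec.getParams()));
    }

    // Provider-independent: relies only on the standard PKCS#8 encoding.
    static PrivateKey importViaPkcs8(PrivateKey key) throws GeneralSecurityException {
        byte[] der = key.getEncoded();
        if (der == null || !"PKCS#8".equals(key.getFormat())) {
            throw new InvalidKeyException("key is not exportable as PKCS#8");
        }
        return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        PrivateKey opaque = new EncodedOnlyKey(kp.getPrivate().getEncoded());
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(importViaPkcs8(opaque)); s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(kp.getPublic()); s.update(msg);
        System.out.println("PKCS#8 import signs and verifies: " + s.verify(sig));
        try { importViaBigInteger(opaque); }
        catch (InvalidKeyException e) { System.out.println("BigInteger import: " + e.getMessage()); }
    }
}
```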