On 9/25/2018 8:34 AM, Adam Petcher wrote:
> Yes, it is possible, at the expense of some assurance related to
> security against side-channel attacks. This interoperable implementation
> will be available by default in SunEC. A higher-assurance form of the
> same implementation will be available in the new provider. The
> additional effort required to put this implementation in both providers
> is expected to be relatively small.

Can we have the same security level impl in SunEC in some circumstances?
For example, when the key is not imported for the 4 named curves.
Using a new provider means we force applications to choose between weak
and interop, just because we cannot provide both at the same time.
Thanks,
Xuelei