> On Nov 9, 2018, at 12:28 AM, Adam Petcher <adam.petc...@oracle.com> wrote:
>
> On 11/8/2018 8:10 AM, Weijun Wang wrote:
>
>> - CurveDB.java:
>>
>> - add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
>> + add("sect163r2 [NIST B-163]", "1.3.132.0.15", B,
>>
>> All other NIST B-*** curves do not have BD. This should have been a typo.
>
> I think this will change the default 163-bit curve from sect163r2 to
> sect163k1. We shouldn't change these defaults without a compelling reason.
I think this is a bug, as there should not be 2 curves with the same field size
both having BD.
I can file another bug on this. Maybe it needs it own CSR.
>
>>
>> - NamedCurve.java:
>>
>> A new field commonNames added, which is used by the new GroupName.java test.
>
> I don't see why this is necessary. The test is using this list of common
> names to make sure the correct named curve is used. Why not just check the
> value returned by NamedCurve.getName() against the expected (canonical) name
> of the curve? Or check the OID?
NamedCurve.getName() returns "secp256r1 [NIST P-256, X9.62 prime256v1]".
I don't want to canonicalize the name (how? returning NamedCurve.getName()?) or
use an OID. The test is about making sure the curve used matches the one user
specified. What if I am making the same error inside keytool and this
canonicalization or string-to-oid method?
In fact, I had wanted to add lines using "alternative names" like "-groupname
prime256v1" in the test but later I found out it must be `-groupname "X9.62
prime256v1"` which is not easy to write in the test. (the
SecurityTools.keytool() method does not like spaces inside an argument).
You might say since I have already called split(" ")[0] in src/ I can also call
it here in a test. But then I still want to have the chance to try out any
alternative name later, especially after we think "prime256v1" is better than
"X9.62 prime256v1".
Thanks
Max
>
>
