Please review the CSR at
https://bugs.openjdk.java.net/browse/JDK-8245274
The most arguable is the new block extension names. I drafted "PSS" for
"RSASSA-PSS", and "EDD" for "EdDSA", since the old extension names never
exceeded 3 letters. If we do not care about this, we can just make them
"RSASSA-PSS" and "EdDSA". We've always treated the extension name in a
case-insensitive way but this needs some debugging.
Another thing I haven't mentioned in the CSR is about using `-sigalg
RSASSA-PSS` for an RSA key. The hashAlgorithm and maskGenAlgorithm of the PSS
parameters will be determined by the key size of the key, i.e.
// Same values for RSA and DSA
private static String ifcFfcStrength (int bitLength) {
if (bitLength > 7680) { // 256 bits
return "SHA512";
} else if (bitLength > 3072) { // 192 bits
return "SHA384";
} else { // 128 bits and less
return "SHA256";
}
}
and it's not adjustable. I don't know what the best place is for this info.
Thanks,
Max
