On Mon, 30 Aug 2021 16:54:23 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
>> No, I meant changing the type of the `certScheme` argument in
>>
>>     static SignatureScheme getPreferableAlgorithm(
>>             AlgorithmConstraints constraints,
>>             List<SignatureScheme> schemes,
>>             SignatureScheme certScheme,
>>             ProtocolVersion version) {
>>
>> to `String`. Since we are only putting `ss.keyAlgorithm` value into the
>> checked type list, we need to make sure we only check on about
>> `keyAlgorithm` now. My concern is that suppose one day we decide to check on
>> `ss.namedGroup` as well, then we will remember to update this method and the
>> checked list at the same time.
>
> I don't think so. In logic, we should check the SignatureScheme here rather
> than the String key algorithm. If we need an update in the future, we may
> want to update the following-on methods, like key manager APIs.

I agree it's not a problem now, and once we think it's a problem it will be a big one. I'll keep the current methods as is.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5257