On Fri, 4 Mar 2022 16:48:47 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> > About the CSR, did you have a plan to update the "Endpoint Identification > > Algorithms" in the [Java Security Standard Algorithm > > Names](https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#endpoint-identification-algorithms) > > documentation? Currently, the "HTTPS" name is defined for RFC 2818. With > > this update is may be worth to mention the compliant to RFC 6125, like > > ``` > > HTTPS | RFC 2818, compliant with RFC 6125 > > ``` > > I thought about that but I was hesitant to do that, because technically RFC > 6125 does not obsolete RFC 2818 and there has been no successor to RFC 2818. > So I would rather treat RFC 6125 as an implementation-specific feature of the > JDK TLS implementation; in other words we chose to make our implementation > compliant with RFC 6125 but other implementations may choose not to and still > be compliant with RFC 2818. Since RFC 2818 is somewhat ambiguous/vague with > respect to what components can use wildcards, I believe the JDK > implementation is still compliant with 2818. I realize this is not a perfect > situation, but if we do this via the API, then I think we need new APIs such > that older implementations that may be less strict about wildcards are still > compatible with 2818 if they choose. It makes sense to me. ------------- PR: https://git.openjdk.java.net/jdk/pull/7697