On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
> This fix makes some minor changes to the internals of the > `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break > when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS > works better now with these changes. I've also taken this opportunity to do > some cleanup on CertificateBuilder and added a method which uses a default > signing algorithm based on the key, so the `build()` method no longer needs > to provide that algorithm (though one can if they wish for things like RSA > signatures if they want a different message digest in the signature). Interesting! Is there no JEP Level Initiative for This? Did you do any Interop Testing, in fact are there already Root CAs offering such certificates? Does it apply Cross key typen? (ML-DSA issue signature on a ECDSA key or vice versa?) ------------- PR Comment: https://git.openjdk.org/jdk/pull/23566#issuecomment-2652309271
