On Wed, 4 Jun 2025 16:50:41 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/util/KeyUtil.java line 62:
>> 
>>> 60:      * each standardized parameter set. For example, ML-KEM-768 is assigned to
>>> 61:      * category 3, and ML-DSA-87 to category 5.
>>> 62:      *
>> 
>> Should we consider returning whatever number is at the end of PQC algorithms 
>> as a key size? That would make things consistent and it would allow us to 
>> use existing `keySize` algorithm constraints for PQC algorithms. Key sizes 
>> for RSA and EC algorithms already differ significantly for the same security 
>> level: 3072-bit RSA corresponds to 256-bit EC. So we can return `768` for 
>> ML-KEM-768 or `87` for ML-DSA-87.
>
> For ML-DSA-87, 87 isn’t a key size in any sense. Using it as a key size would 
> be misleading. For algorithm constraints, we can use the parameter set name 
> directly.

Right, we should probably consider renaming `getKeySize()` to 
`getKeyStrength()`, but I guess that would be outside of this PR's scope.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25642#discussion_r2127131876
