Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8215320

Amend the Standard Algorithm Names specification to clarify that names can be defined in later versions

XMLWordPrintable

    • minimal
    • Other
    • SE

      Summary

      The Java Security Standard Algorithm Names specification should be clarified to state that, as a best practice, implementations that support additional algorithms not defined in the specification can and should use the standard name of those algorithms if they are defined in later versions of the specification.

      Problem

      The security landscape changes at a fast pace, and new and stronger algorithms and protocols are constantly being developed and standardized.
      With this proposed change, we will clarify that implementations that support additional algorithms are recommended to use the standard name of those algorithms if they have been added to subsequent versions of the Java Security Standard Algorithm Names specification.

      Solution

      See the specification section. This change will be included in the upcoming Maintenance Reviews of the Java SE 8 and 11 Platform JSRs. See https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2018-December/000308.html for more information.

      This change is targeted for Java SE 8, 11 and 12 and is the same across all releases. This CSR is intended to cover both 11 and 12, thus the fixVersion has been set to 11-pool and 12. A separate CCC will be filed and targeted to 8-pool.

      Specification

      Add the following sentence to the first section ("Standard Names") of the Java Security Standard Algorithm Names specification:

      Note that an SE implementation may support additional algorithms
      that are not defined in this specification.  As a best practice, if an
      algorithm is defined in a subsequent version of this specification and
      an implementation of an earlier specification supports that algorithm,
      the implementation should use the standard name of the algorithm
      that is defined in the subsequent specification.  Each SE implementation
      should also document the algorithms that it supports or adds support
      for in subsequent update releases.  The algorithms may be documented
      in release notes or in a separate document such as the JDK Security
      Providers document.

      With this change, the first section is now the following:

      The Java SE Security API requires and uses a set of standard
      names for algorithms, certificate and keystore types.
      
      Note that an SE implementation may support additional algorithms
      that are not defined in this specification.  As a best practice, if an
      algorithm is defined in a subsequent version of this specification and
      an implementation of an earlier specification supports that algorithm,
      the implementation should use the standard name of the algorithm
      that is defined in the subsequent specification.  Each SE implementation
      should also document the algorithms that it supports or adds support
      for in subsequent update releases.  The algorithms may be documented
      in release notes or in a separate document such as the JDK Security
      Providers document.
      
      In some cases naming conventions are given for forming names
      that are not explicitly listed, to facilitate name consistency
      across provider implementations. Items in angle brackets (such as
      <digest> and <encryption>) are placeholders to be replaced by a
      specific message digest, encryption algorithm, or other name.
      
      Note: Standard names are not case-sensitive.

            mullan Sean Mullan
            mullan Sean Mullan
            Iris Clark
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: