Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7079148

define security levels

    XMLWordPrintable

    Details

      Description

      MD5 is no longer acceptable where collision resistance is required such as digital signatures. However, because MD5 is still used widely in the industry, we cannot disable MD5 algorithms by default in Java releases. For the same reason, we cannot disable RSA keys which key size is less than 1024, and SHA-1 signature by default.

      Applications can controll these weak algorithms and key with AlgorithmConstraints. However, it may be necessary to provider a uniform and simple solution to simplify the control. We may define security levels. In the basic level, we support not-default-disabled algorithms and keys(/key sizes); in the lower level, we support any algorithms and keys; in the higher level, we only support strong algorithms and keys (RSA keysize >= 2048, etc.) and other policy (such as EV cert). Users can customize each level with algorithm constraints.

        Attachments

          Activity

            People

            Assignee:
            xuelei Xue-Lei Fan
            Reporter:
            xuelei Xue-Lei Fan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: