United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-5001004 : Required Security Algorithms need to be defined

Details
Type:
Bug
Submit Date:
2004-02-24
Status:
Closed
Updated Date:
2013-10-03
Project Name:
JDK
Resolved Date:
2011-03-05
Component:
security-libs
OS:
solaris_9
Sub-Component:
java.security
CPU:
sparc
Priority:
P2
Resolution:
Fixed
Affected Versions:
5.0
Fixed Versions:

Related Reports
Relates:
Relates:

Sub Tasks

Description
The API specifications for java.security, java.security.cert, and javax.crypto packages do not specify requirements for security algorithms and algorithm-specific requirements (e.g. encryption strength).
 
This issue makes it difficult to develop conformance tests. In an extreme case, an implementation can use very weak algorithms and still be considered a valid implementation according to the current javadoc API specification.
 
Furthermore, there is currently no guarantee that applications can interoperate. We need to specify a minimum level of required algorithms and parameters that all JRE implementations must support. This will improve interoperability and guarantee a minimum set of algorithms that all Java applications can depend on.

                                    

Comments
EVALUATION

Implementation requirements have been added to the class summary of each of the applicable Java security engine classes. 
A table that summarizes the implementation requirements will be updated/added to the Standard Algorithm Names Document in the 
JDK 7 security guides area.
                                     
2011-01-25
EVALUATION

###@###.### 2004-03-16

Should look into this.
                                     
2004-03-16



Hardware and Software, Engineered to Work Together