JDK-8235184 : Deprecate the legacy elliptic curves for removal
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 14
  • Submitted: 2019-12-02
  • Updated: 2022-12-14
  • Resolved: 2019-12-07
Related Reports
CSR :  
JDK-8234924 - Deprecate the legacy elliptic curves for removal
Relates :  
JDK-8298721 - Elliptic Curve Cryptography (ECC) Brainpool curves
Description
Summary
-------

Deprecate the elliptic curves that are currently supported by the native implementation of the SunEC provider with the intention of removing or replacing (a small number of) them in a subsequent JDK release. 

Problem
-------

These curves are not implemented using modern formulas and techniques. We have already replaced some of these curves (secp256r1, secp384r1, and secp512r1) with a more modern implementation -- see [JDK-8208698](https://bugs.openjdk.java.net/browse/JDK-8208698) for more details. With a few exceptions, the remaining curves are rarely used in practice. It does not make sense to invest what would be a significant amount of resources to replace them. Most of the curves have also been deprecated or obsoleted by TLS specifications - see [RFC 8446][1] and [RFC 8422][2].

Solution
--------

Since the curves are implementation-specific features, we cannot use the standard Deprecated annotation. Instead we will document the deprecation in the JDK Providers Guide and Release Notes. 

The names of the curves that will be deprecated is:

+ brainpoolP256r1
+ brainpoolP320r1
+ brainpoolP384r1
+ brainpoolP512r1
+ secp112r1
+ secp112r2
+ secp128r1
+ secp128r2
+ secp160k1
+ secp160r1
+ secp160r2
+ secp192k1
+ secp192r1
+ secp224k1
+ secp224r1
+ secp256k1
+ sect113r1
+ sect113r2
+ sect131r1
+ sect131r2
+ sect163k1
+ sect163r1
+ sect163r2
+ sect193r1
+ sect193r2
+ sect233k1
+ sect233r1
+ sect239k1
+ sect283k1
+ sect283r1
+ sect409k1
+ sect409r1
+ sect571k1
+ sect571r1
+ X9.62 c2tnb191v1
+ X9.62 c2tnb191v2
+ X9.62 c2tnb191v3
+ X9.62 c2tnb239v1
+ X9.62 c2tnb239v2
+ X9.62 c2tnb239v3
+ X9.62 c2tnb359v1
+ X9.62 c2tnb431r1
+ X9.62 prime192v2
+ X9.62 prime192v3
+ X9.62 prime239v1
+ X9.62 prime239v2
+ X9.62 prime239v3

If time and resources permit, a few of the curves (specifically the brainpool curves and the secp256k1 curve) may be replaced with more modern implementations instead of being removed.

Specification
-------------

These curves are already marked as legacy in the SunEC section of the [JDK Providers Guide][3]. This section will be updated to note that the curves are officially deprecated and will be removed or replaced in the next JDK release. A release note will also be published.

[1]: https://tools.ietf.org/html/rfc8446#appendix-B.3.1.4
[2]: https://tools.ietf.org/html/rfc8422#section-5.1.1
[3]: https://docs.oracle.com/en/java/javase/13/security/oracle-providers.html#GUID-091BF58C-82AB-4C9C-850F-1660824D5254
Comments
I assume this deprecation is consistent with the guidance in the crypto roadmap. Moving to Approved.
07-12-2019