Re: [TLS] Oracle's plans for Java crypto (mostly TLS-related)

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 13 September 2016 14:47 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0397812B576 for <tls@ietfa.amsl.com>; Tue, 13 Sep 2016 07:47:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.708
X-Spam-Level:
X-Spam-Status: No, score=-5.708 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.508] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WuZawcZ-BpQM for <tls@ietfa.amsl.com>; Tue, 13 Sep 2016 07:47:45 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2079212B690 for <tls@ietf.org>; Tue, 13 Sep 2016 07:13:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1473775997; x=1505311997; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=5bmKuelirzk6deDmhksui4y/0GfCUuFC+AACEbpyO2Q=; b=5rKnLG7LEbuQAdgG48o0BpyJBpcxEdbwHsv5eVLyI2n6dxFD9L3dfjPI xeiecYsZmTWPlkr0yBTTd3dhHfmnoZVe2JetfrXlWS+CaFrb6BSDsb6as JwZ1OlIegWr4amT0ieX3D4e8OGvvlW787YxM7ToelRzAUPbNsy02Bv14t pWZga5Uf2m42Bult+RH1MJHdcX3dLFPBp16Sz22lIoSttk1ofWVjk7Uqp LyhyQ4/ERTW3lYW0UKWi5fZyEZMoZRlQ9ekiV7V8rKIxbwRihBHMwVSD2 dp4dTQO4omChh3qKR2x0WI52maDEZm/euoJzn0DTtzBVB2vFceKN/FFbJ Q==;
X-IronPort-AV: E=Sophos;i="5.30,328,1470657600"; d="scan'208";a="105722287"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.3 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-ogg-b.UoA.auckland.ac.nz) ([10.6.2.3]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 14 Sep 2016 02:13:15 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz (10.6.3.5) by uxcn13-ogg-b.UoA.auckland.ac.nz (10.6.2.23) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 14 Sep 2016 02:13:15 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::8081:99e3:dee2:203]) by uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::8081:99e3:dee2:203%14]) with mapi id 15.00.1178.000; Wed, 14 Sep 2016 02:13:15 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Salz, Rich" <rsalz@akamai.com>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Oracle's plans for Java crypto (mostly TLS-related)
Thread-Index: AdINw0AoTt0ykWR8Sq6SCRj2PHm3mgABJJ5d
Date: Tue, 13 Sep 2016 14:13:14 +0000
Message-ID: <1473775992661.2004@cs.auckland.ac.nz>
References: <bd10e25921a94cc39df263423d683ce8@usma1ex-dag1mb1.msg.corp.akamai.com>
In-Reply-To: <bd10e25921a94cc39df263423d683ce8@usma1ex-dag1mb1.msg.corp.akamai.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/J0ah4yhqsllsbWEAlzpVVfVY5bw>
Subject: Re: [TLS] Oracle's plans for Java crypto (mostly TLS-related)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2016 14:47:50 -0000

Salz, Rich <rsalz@akamai.com>; writes:

 >FYI:  https://www.java.com/en/jre-jdk-cryptoroadmap.html   

>From that page:

  2017-01-17 DSA Increase the minimum key length for DSA certificates to 1024 bits.

Will Oracle also be announcing upcoming support for Windows 95, that
newfangled Linux thing that's just appeared, and 32-bit compilers?

  2017 H2 Diffie-Hellman For SSL/TLS, increase the minimum key length to 1024 bits.

They missed out:

  2017 For SSL/TLS, discontinue MSDOS and Windows 3.1 support.

(The first, and weakest, PGP key I generated, quarter of a century ago under
DOS, was 1024 bits, same as what Oracle is setting their minimum to next
year some time).

Peter.