Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Spec compliance at the cost of more dependencies?

Subject: OpenSAML user discussion

List archive

Re: Spec compliance at the cost of more dependencies?


Chronological Thread 
  • From: Derek Morr <>
  • To:
  • Subject: Re: Spec compliance at the cost of more dependencies?
  • Date: Mon, 04 Dec 2006 09:49:13 -0500

Chad La Joie wrote:
The Java JCE does not support a given set of functionality that is going to be required for specification compliance in areas like digital signing and encryption. For example, one spec requires support for AES 128 and 256 yet the Sun JCE doesn't support that algorithm.

What required abilities does the Sun JCE lack? It does support AES-128 and -256, even in 1.4.2 (although I believe 256-bit keys requires installing the unlimited JCE policy files).

So, here's the question. For those using the Sun JRE, is requiring a dependency on a different JCE, e.g. bouncycastle, acceptable or are you willing to forgo specification compliance in order to avoid another dependency?

Don't we already have an (implicit) dependence on Bouncycastle, since Apache's xmlsec library uses it? I'm not in favor of requiring a specific JCE, but if we're already doing it, I'm not sure I see the problem of requiring it elsewhere.

-derek



Archive powered by MHonArc 2.6.16.

Top of Page