Sean Mullan

I think this will miss cases where the certificates are part of a chain, and the application (or JDK code) is calling `CertificateFactory.generateCertPath` or `generateCertificates`, whereas the previous code would...

> I think this will miss cases where the certificates are part of a chain, and the application (or JDK code) is calling `CertificateFactory.generateCertPath` or `generateCertificates`, whereas the previous code...

> Thanks for the feedback Sean. Yes - this event should also cater for the internal `new X509CertImpl` type calls that are sprinkled through some of the security libraries. >...

Do you think it is that useful to have keytool record events? Ok, I guess some apps could be execing keytool, but that would be in a separate process, and...

> > Do you think it is that useful to have keytool record events? Ok, I guess some apps could be execing keytool, but that would be in a separate...

> My vote would be to leave it out. `keytool` already emits warnings when weak algorithms are used. It seems we both agree that few users, will likely enable JFR...

Can we change the issue title to "Add Certigna Root CA" since only one root is being added?

@XueleiFan, I have some questions about this integration. The performance numbers you last posted showed some very small improvements but also some regressions in throughput numbers, so its not clear...

> @seanjmullan if you check the benchmark numbers, the throughput impact is limited. For some curves, it is improved; and some others is impacted. In theory of this update, it...

Suggest changing the title of the issue to "Add thread and timestamp options to java.security.debug system property"