W3C home > Mailing lists > Public > public-html@w3.org > August 2011

[Bug 13518] New: "The keygen element": The only supported signature algorithm is the outdated and insecure md5WithRSAEncryption. The element should at least have an optional signature algorithm, with the option to use the more secure sha1WithRSAEncryption and sha256WithRS

From: <bugzilla@jessica.w3.org>
Date: Tue, 02 Aug 2011 09:25:36 +0000
To: public-html@w3.org
Message-ID: <bug-13518-2495@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13518

           Summary: "The keygen element": The only supported signature
                    algorithm is the outdated and insecure
                    md5WithRSAEncryption. The element should at least have
                    an optional signature algorithm, with the option to
                    use the more secure sha1WithRSAEncryption and
                    sha256WithRS
           Product: HTML WG
           Version: unspecified
          Platform: Other
               URL: http://www.whatwg.org/specs/web-apps/current-work/#top
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: contributor@whatwg.org
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


Specification: http://dev.w3.org/html5/spec/spec.html
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top

Comment:
"The keygen element":
The only supported signature algorithm is the outdated and insecure
md5WithRSAEncryption.

The element should at least have an optional signature algorithm, with the
option to use the more secure sha1WithRSAEncryption and
sha256WithRSAEncryption. Even better would be if md5WithRSAEncryption was not
supported or at least not the default - but that might of course cause
problems for legacy implementations.

Posted from: 193.162.155.202
User agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like
Gecko) Chrome/14.0.835.8 Safari/535.1

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Tuesday, 2 August 2011 09:25:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:17:37 GMT