- From: Eric Rescorla <ekr@rtfm.com>
- Date: Wed, 9 May 2012 21:58:16 -0700
- To: Nadim <nadim@nadim.cc>
- Cc: public-webcrypto@w3.org
On Wed, May 9, 2012 at 10:33 AM, Nadim <nadim@nadim.cc> wrote: > Hi everyone, > I think we need to have a discussion regarding whether the API will > exclusively implement (and rely on) newer, faster standards (such as ECDH, > ECDSA) or whether there will be a larger dependence on RSA, either for > fallback or stronger compatibility reasons. > > If it is eventually decided that not only the best available per-task > algorithm is implemented, but rather, all possible algorithms, where do we > draw the line? Do we implement SHA1 in addition to SHA2? Does that also > warrant an MD5 implementation? > > Personally, I believe that focusing only on the newer, more efficient > standards (such as ECC) is a better idea, but I stand very humbly by my > opinion and a much more interested in listening to the group's opinions. I don't really think it's a good idea to design a system which can't interoperate with the vast majority of signed data objects on the Internet, which use SHA-1 and RSA. -Ekr
Received on Thursday, 10 May 2012 05:03:44 UTC