W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2014

Re: [W3C Web Crypto WG] Security considerations and recommended algorithms bug

From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 9 May 2014 08:16:21 -0700
Message-ID: <CAL02cgSQ0NY8rx4rm1LaqaYE9okC52mGj43sf2oYXzq4kAa_gg@mail.gmail.com>
To: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Harry Halpin <hhalpin@w3.org>
The text proposed in the bug looks fine to me.  It's a gentle nudge to get
people who might be on the fence to use the algorithms that are currently
thought to be more secure.  It seems like a lot of Ryan's arguments are
trying to put a much finer point on it, and that's not necessary.

My only quibble would be that using a "+" sign for bad algorithms seems
rather backwards.  Maybe a U+2639 character?


On Fri, May 9, 2014 at 6:12 AM, GALINDO Virginie <
Virginie.GALINDO@gemalto.com> wrote:

>  Hi all,
>
> This is just to bring your attention on the fact that we received a
> “blocking bug” from Rich Salz and Kenny Patterson about the need to improve
> our security considerations in *Bug 25607* [1]
>
> Ryan is working on it, but views/support from all implementers would be
> helpful …
>
> Regards,
>
> Virginie
>
>
>
> [1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607
>
>
>
>
>
> ------------------------------
> This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for
> the message if altered, changed or falsified. If you are not the intended
> recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus
>
Received on Friday, 9 May 2014 15:16:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC