Re: removing keygen from HTML from Reto Gmür on 2016-05-31 (www-tag@w3.org from May 2016)

From: Reto Gmür <reto@gmuer.ch>
Date: Tue, 31 May 2016 13:40:04 +0200
To: Harry Halpin <hhalpin@ibiblio.org>, Graham Leggett <minfrin@sharp.fm>
Cc: Chaals McCathie Nevile <chaals@yandex-team.ru>, www-tag@w3.org
Message-Id: <1464694804.2494928.623494785.69396274@webmail.messagingengine.com>

On Tue, 31 May 2016, at 10:04, Harry Halpin wrote:
> I do not know anyone from the cryptographic or security community that
> would support keeping <keygen>. Indeed, the default response from the
> security/crypto community would be to drop <keygen> due to legacy
> usage of MD5 and violation of security boundaries (SOP).
That would also be my response if I was employed by the NSA and wanted
to prevent technologies that allow user controlled strong cryptography
and decentralized networks of trust (as enabled by webId).
 
Cheers,
Reto

Received on Tuesday, 31 May 2016 11:40:29 UTC