[Bug 13518] "The keygen element": The only supported signature algorithm is the outdated and insecure md5WithRSAEncryption. The element should at least have an optional signature algorithm, with the option to use the more secure sha1WithRSAEncryption and sha256WithRS

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13518

bblfish <henry.story@bblfish.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |henry.story@bblfish.net

--- Comment #2 from bblfish <henry.story@bblfish.net> 2011-08-06 13:12:22 UTC ---
The MD5 situation can be mitigated by the server using a time based challenge.
The challenge gets added to the generated public key and both get signed.
This can reduce the attack surface to a few minutes. I doubt md5 is not up to
that.

Better signature would be better of course. But it is not clear to me what is
gained anyway by this signature. What attack is it warding off against? Nothing
can be done anyway with a certificate for which one does not have the private
key.


Received on Saturday, 6 August 2011 13:12:28 UTC
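
The time-based challenge described in Comment #2, sketched from the server's side as an added example that is not part of the original mail or of any keygen implementation. The function names, the HMAC-based challenge format and the 300-second window are assumptions; verifying the SPKAC signature and extracting the challenge string from it are assumed to happen elsewhere.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-server secret
MAX_AGE_SECONDS = 300                 # assumed value for "a few minutes"


def _mac(ts, nonce, key):
    # Binds the timestamp and nonce to this server so neither can be altered.
    return hmac.new(key, f"{ts}.{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_challenge(now=None, key=SERVER_KEY):
    """Build the value sent with the form: '<unix-time>.<nonce>.<mac>'."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{ts}.{nonce}.{_mac(ts, nonce, key)}"


def check_challenge(challenge, now=None, key=SERVER_KEY, max_age=MAX_AGE_SECONDS):
    """Check a challenge recovered from a signed SPKAC; returns (ok, reason)."""
    now = time.time() if now is None else now
    parts = challenge.split(".")
    if len(parts) != 3:
        return False, "malformed"
    ts, nonce, mac = parts
    # Authenticate first: after this, ts is known to be a server-issued integer.
    if not hmac.compare_digest(mac.encode(), _mac(ts, nonce, key).encode()):
        return False, "forged"
    age = now - int(ts)
    if age < 0:
        return False, "from the future"
    if age > max_age:
        return False, "expired"
    return True, "fresh"


if __name__ == "__main__":
    c = issue_challenge()
    print(c, check_challenge(c))
```

Because the challenge carries its own authenticated timestamp, the server needs no per-request state to reject a signed key whose challenge is older than the window.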