[Bug 23139] New: MD5 is only message digest algorithm mentioned for keygen field from bugzilla@jessica.w3.org on 2013-09-03 (public-html-bugzilla@w3.org from September 2013)

From: <bugzilla@jessica.w3.org>
Date: Tue, 03 Sep 2013 14:24:40 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-23139-2486@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=23139

            Bug ID: 23139
           Summary: MD5 is only message digest algorithm mentioned for
                    keygen field
    Classification: Unclassified
           Product: HTML WG
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: HTML5 spec
          Assignee: dave.null@w3.org
          Reporter: j.kewley@dl.ac.uk
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-admin@w3.org,
                    public-html-wg-issue-tracking@w3.org

I was looking at HTML 5.1 Nightly, 4.10.14 The keygen element
http://www.w3.org/html/wg/drafts/html/master/forms.html#the-keygen-element

It states
----
If the keytype attribute is in the RSA state
    Generate an RSA key pair using the settings given by the user, if
appropriate, using the md5WithRSAEncryption RSA signature algorithm (the
signature algorithm with MD5 and the RSA encryption algorithm) referenced in
section 2.2.1 ("RSA Signature Algorithm") of RFC 3279, and defined in RFC 2313.
[RFC3279] [RFC2313]
---

Should SHA1 (or even SHA256 or other "SHA2" algorithms) not be mentioned at
least as an alternative? While MD5 should be fine for requests, I understand
that support is moving away from it towards the SHA algorithms.

Or have I misunderstood the importance of this above statement?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 3 September 2013 14:24:43 UTC