- From: <bugzilla@jessica.w3.org>
- Date: Tue, 03 Sep 2013 14:24:40 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23139 Bug ID: 23139 Summary: MD5 is only message digest algorithm mentioned for keygen field Classification: Unclassified Product: HTML WG Version: unspecified Hardware: All OS: All Status: NEW Severity: minor Priority: P2 Component: HTML5 spec Assignee: dave.null@w3.org Reporter: j.kewley@dl.ac.uk QA Contact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-admin@w3.org, public-html-wg-issue-tracking@w3.org I was looking at HTML 5.1 Nightly, 4.10.14 The keygen element http://www.w3.org/html/wg/drafts/html/master/forms.html#the-keygen-element It states ---- If the keytype attribute is in the RSA state Generate an RSA key pair using the settings given by the user, if appropriate, using the md5WithRSAEncryption RSA signature algorithm (the signature algorithm with MD5 and the RSA encryption algorithm) referenced in section 2.2.1 ("RSA Signature Algorithm") of RFC 3279, and defined in RFC 2313. [RFC3279] [RFC2313] --- Should SHA1 (or even SHA256 or other "SHA2" algorithms) not be mentioned at least as an alternative? While MD5 should be fine for requests, I understand that support is moving away from it towards the SHA algorithms. Or have I misunderstood the importance of this above statement? -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Tuesday, 3 September 2013 14:24:43 UTC