- From: <bugzilla@jessica.w3.org>
- Date: Tue, 02 Aug 2011 09:25:36 +0000
- To: public-html@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13518
Summary: "The keygen element": The only supported signature
algorithm is the outdated and insecure
md5WithRSAEncryption. The element should at least have
an optional signature algorithm, with the option to
use the more secure sha1WithRSAEncryption and
sha256WithRS
Product: HTML WG
Version: unspecified
Platform: Other
URL: http://www.whatwg.org/specs/web-apps/current-work/#top
OS/Version: other
Status: NEW
Severity: normal
Priority: P3
Component: HTML5 spec (editor: Ian Hickson)
AssignedTo: ian@hixie.ch
ReportedBy: contributor@whatwg.org
QAContact: public-html-bugzilla@w3.org
CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
public-html@w3.org
Specification: http://dev.w3.org/html5/spec/spec.html
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top
Comment:
"The keygen element":
The only supported signature algorithm is the outdated and insecure
md5WithRSAEncryption.
The element should at least have an optional signature algorithm, with the
option to use the more secure sha1WithRSAEncryption and
sha256WithRSAEncryption. Even better would be if md5WithRSAEncryption was not
supported or at least not the default - but that might of course cause
problems for legacy implementations.
Posted from: 193.162.155.202
User agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like
Gecko) Chrome/14.0.835.8 Safari/535.1
--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Tuesday, 2 August 2011 09:25:37 UTC