Re: feedback from CFRG

http://lists.w3.org/Archives/Public/public-webcrypto/2012Sep/0186.html

A possible way of addressing these issues (which also has the advantage that it can be applied to algorithms that for some reason are found inadequate in the future) is to limit the key to a set of endorsed algorithms during key creation. The following XML fragment shows how this concept has been integrated in the SKS/KeyGen2 scheme ("KeyEntry" is a create-key object):

<KeyEntry
   AppUsage="authentication"
   EndorsedAlgorithms="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
   ID="Key.1"
   KeyAlgorithm="http://xmlns.webpki.org/keygen2/1.0#algorithm.rsa2048"
   MAC="nlO9pILictqoygLtxC8n/lML9uPEkL1XEeBTQuSRrYM="/>

Regarding the risk that somebody uses a "bad" algorithm, this is probably only going to happen in closed communities, and IMO such communities tend to screw up the rest as well, so I wouldn't worry too much about that. IMO, it should be enough with a note "Not recommended for new designs".

Anders

Received on Sunday, 30 December 2012 12:48:03 UTC
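
An added sketch, not part of the original message and not SKS/KeyGen2 code, of the idea described above: the endorsed algorithm set is recorded when the key is created and checked before every later use. The KeyStore class, its method names, the whitespace-separated list handling and the fail-closed treatment of a missing attribute are assumptions of this example; MAC verification is left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the KeyEntry fragment in the message
# (MAC attribute omitted: this sketch does not verify it).
KEY_ENTRY_XML = '''<KeyEntry
   AppUsage="authentication"
   EndorsedAlgorithms="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
   ID="Key.1"
   KeyAlgorithm="http://xmlns.webpki.org/keygen2/1.0#algorithm.rsa2048"/>'''

RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"


class AlgorithmNotEndorsed(Exception):
    """Raised when a key is asked to run an algorithm outside its endorsed set."""


class KeyStore:
    """Hypothetical store: the endorsed set is fixed when the key is created."""

    def __init__(self):
        self._endorsed = {}  # key ID -> frozenset of algorithm URIs

    def create_key(self, key_entry_xml):
        entry = ET.fromstring(key_entry_xml)
        key_id = entry.attrib["ID"]
        if key_id in self._endorsed:
            # Re-creating a key must not be a way to widen its endorsed set.
            raise ValueError("key already exists; endorsed set is immutable")
        # Assumption: several URIs would be whitespace-separated.
        # A missing attribute yields an empty set, so every use is refused.
        uris = entry.attrib.get("EndorsedAlgorithms", "").split()
        self._endorsed[key_id] = frozenset(uris)
        return key_id

    def authorize(self, key_id, algorithm_uri):
        """Call before every key operation; refuses anything not endorsed."""
        endorsed = self._endorsed.get(key_id)
        if endorsed is None:
            raise KeyError(key_id)
        # Exact string match only: no prefix or case-insensitive matching.
        if algorithm_uri not in endorsed:
            raise AlgorithmNotEndorsed(f"{key_id}: {algorithm_uri}")
        return True
```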