"Recommended" is a bad word :) from Salz, Rich on 2014-05-08 (public-webcrypto-comments@w3.org from May 2014)

From: Salz, Rich <rsalz@akamai.com>
Date: Thu, 8 May 2014 11:29:19 -0400
To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <2A0EFB9C05D0164E98F19BB0AF3708C7130A13E67A@USMBX1.msg.corp.akamai.com>

I just opened https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607, "Need to advise authors about security considerations"

As it says in the entry, "This defect is in collaboration with Kenny Paterson. I believe that taking the fixes below will also address 18925, 23499, 25431 (maybe, by lack of use:), 25569."

The number of changes that need to be made is small, non-intrusive, and hopefully not controversial.  In addition to Kenny, thanks to Ryan for an interesting discussion (albeit mostly via twitter :).

                /r$

PS:  As I am not on this list, please CC me on any replies.

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz@jabber.me<mailto:rsalz@jabber.me>; Twitter: RichSalz

Received on Thursday, 8 May 2014 15:29:48 UTC