W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2012

Re: ECC vs RSA, and Similar Conflicts

From: Wan-Teh Chang <wtc@google.com>
Date: Wed, 9 May 2012 15:03:05 -0700
Message-ID: <CALTJjxHv7mnPm0j=qqm8Xe=09kQnur5qJ4p-Kp23d6fkV69OYg@mail.gmail.com>
To: Nadim <nadim@nadim.cc>
Cc: Jarred Nicholls <jarred@webkit.org>, public-webcrypto@w3.org
On Wed, May 9, 2012 at 2:55 PM, Nadim <nadim@nadim.cc> wrote:
> Here's an interesting question, then:
> Let's assume, for the sake of argument, that SHA2 is widely recognized as
> being a better alternative to SHA1. However, SHA1 is not only far from
> broken, but is also as widely used as SHA2, if not more.
>
> What happens in such a scenario? Do we implement only SHA2 (knowing it to be
> more secure) or do we still include SHA1, even if it's the less secure
> alternative?

I think the Web Cryptography API (at least the low-level interface)
should allow SHA-1 and SHA-2.

Wan-Teh
Received on Thursday, 10 May 2012 15:48:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:01:01 UTC