[Bug 25607] Need to advise authors about security considerations

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607

--- Comment #20 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Mark Nottingham from comment #19)
> (In reply to Ryan Sleevi from comment #17)
> > I strongly object/oppose this. You are the only person in this WG advocating
> > MD2/MD5. Your proposed inclusion is seemingly an attempt to circumvent any
> > WG discussion of these, by trying to include a normative note that precludes
> > their use.
> 
> Rather than trying to ascribe motives here, I think everyone would benefit
> from this issue actually being discussed in the WG, full stop.

Mark,

Are you suggesting that a spec should include admonitions against/regarding
something that it never once treats as part of the spec? Surely you can see how
that seems strange.

Who would such advice be for?
For authors? If so, the spec never once describes MD2 or MD5, so it is entirely
out of context for authors - unless you consider it part of the spec's
responsibility to describe how people should write secure protocols, something
that I've objected to from the beginning (and which the spec itself recommends
against).

For implementors? If so, the spec never once describes MD2 or MD5, so for
implementors, it's not at all something that would ever come up.

It strikes me as entirely odd and incompatible with the idea of "scope" to
suggest we should be discussing MD2/MD5, when the spec never once refers to it,
and for which no one is advocating it be added.

Received on Tuesday, 1 July 2014 02:43:51 UTC