- From: <bugzilla@jessica.w3.org>
- Date: Tue, 01 Jul 2014 03:08:43 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607 --- Comment #23 from Rich Salz <rsalz@akamai.com> --- If there's too much technical detail it will go over the heads of those who most need guidance. If you want such detail, see the link in comment 9. As for avoiding a 'living spec' kind of thing, that's the problem with security: it's all about trade-offs. You can have a document for the ages that will never be wrong, but if absent advice of the moment can lead people astray. If that's what the WG wants, so be it. Others (see comment 7 for example) would disagree. As for the criteria of which algorithms get marked and which don't: I based it on the advice of Paterson, Graham, Rogaway, NIST, and similar authorities. Backed up by the papers listed in the would-be security references section. If the WG wants to make more conservative choices, more power to them. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Tuesday, 1 July 2014 03:08:44 UTC