- From: <bugzilla@jessica.w3.org>
- Date: Mon, 30 Jun 2014 15:46:42 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607 --- Comment #15 from Rich Salz <rsalz@akamai.com> --- I am updating my request for changes, based on the draft I see today. All other issues are closed, and this is what remains. It is, still, the core concern of this bug report. In Section 6.2, after the the first sentence of the first paragraph add "(See also section 21, below.)" In section 21, after the first sentence, add the following: "A blank field means no registration, a check means registration, and a plus means registration, but that at the time of this writing there are known security issues with that particular combination. (See Section 23.2, Security References, below.)" In section 21, in the table, for the rows labeled AES-CTR, AES-CBC, AES-CFB, and SHA-1 replace the check-mark with a plus sign (or other graphic). In section 21, after the table, add the following text: "Entries with a plus sign SHOULD only be used when interoperating with existing formats and protocols. Although not registered in this document, the digest mechanisms MD2 and MD5 referenced in various related standards SHOULD never be used to generate data." Replace the words "plus sign" with whatever description is appropriate for the graphic you choose. Include a Security References section, suggested as 23.2. Include the documents listed in the original description of this bug report. Considering adding a reference to Graham's "cryptosense" blog posting, in whatever form you find appropriate. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Monday, 30 June 2014 15:46:43 UTC