- From: <bugzilla@jessica.w3.org>
- Date: Fri, 16 May 2014 13:28:31 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607 --- Comment #7 from Graham Steel <graham.steel@inria.fr> --- If there is a warning about currently known weaknesses and a note that this is a point-in-time snapshot and there is a need to keep abreast of the latest advances, there's a decent chance users of the API will at least pay some attention to algorithm choice. If there is no mention of these issues, there is an excellent chance that users of the API will not pay attention to this and end up using weak algorithms. In the first case, the application may still be insecure for any number of reasons. In the second case the application will almost certainly be insecure. Given this choice, I favour the first case. If the CFRG could maintain a "security status of commonly used crypto algorithms" document that would be extremely useful - and not just for this API - but whether they do or not the first option seems preferable. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Friday, 16 May 2014 13:28:35 UTC