W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2009

[whatwg] Only allow md5WithRSAEncryption with <keygen keytype=rsa>?

From: Adam Roben <aroben@apple.com>
Date: Wed, 21 Oct 2009 15:40:25 -0400
Message-ID: <1F665702-96C4-4E2D-AC4C-213D48E8829B@apple.com>
HTML5 currently says that the signature algorithm used with <keygen  
keytype=rsa> should be any of "those listed in section 2.2.1 ('RSA  
Signature Algorithm') of RFC 3279."

However, both WebKit and Gecko only ever use the md5WithRSAEncryption  
signature algorithm. And apparently WebKit ran into compatibility  
issues with MIT's websites back in 2004 when it tried to use the id- 
sha1 signature algorithm instead.

I'd recommend that HTML5 change to say that only the  
md5WithRSAEncryption signature algorithm should be used for <keygen  
keytype=rsa>.

-Adam
Received on Wednesday, 21 October 2009 12:40:25 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:18 UTC