[whatwg] Only allow md5WithRSAEncryption with <keygen keytype=rsa>? from Adam Roben on 2009-10-21 (public-whatwg-archive@w3.org from October 2009)

From: Adam Roben <aroben@apple.com>
Date: Wed, 21 Oct 2009 15:40:25 -0400
Message-ID: <1F665702-96C4-4E2D-AC4C-213D48E8829B@apple.com>

HTML5 currently says that the signature algorithm used with <keygen  
keytype=rsa> should be any of "those listed in section 2.2.1 ('RSA  
Signature Algorithm') of RFC 3279."

However, both WebKit and Gecko only ever use the md5WithRSAEncryption  
signature algorithm. And apparently WebKit ran into compatibility  
issues with MIT's websites back in 2004 when it tried to use the id- 
sha1 signature algorithm instead.

I'd recommend that HTML5 change to say that only the  
md5WithRSAEncryption signature algorithm should be used for <keygen  
keytype=rsa>.

-Adam

Received on Wednesday, 21 October 2009 12:40:25 UTC