W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2009

[whatwg] Only allow md5WithRSAEncryption with <keygen keytype=rsa>?

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 23 Oct 2009 02:33:59 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0910230228370.9145@hixie.dreamhostps.com>
On Wed, 21 Oct 2009, Adam Roben wrote:
>
> HTML5 currently says that the signature algorithm used with <keygen 
> keytype=rsa> should be any of "those listed in section 2.2.1 ('RSA 
> Signature Algorithm') of RFC 3279."
> 
> However, both WebKit and Gecko only ever use the md5WithRSAEncryption 
> signature algorithm. And apparently WebKit ran into compatibility issues 
> with MIT's websites back in 2004 when it tried to use the id-sha1 
> signature algorithm instead.
> 
> I'd recommend that HTML5 change to say that only the 
> md5WithRSAEncryption signature algorithm should be used for <keygen 
> keytype=rsa>.

Done.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 22 October 2009 19:33:59 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:18 UTC