W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2011

[whatwg] <keygen> element

From: Martin Bo▀let <martin.bosslet@googlemail.com>
Date: Thu, 20 Oct 2011 20:55:47 +0200
Message-ID: <CAFfYYxJ1pGrjnEkEgjO_zOUVLqtfAWG92+FrgFU_g=NPF4_WPQ@mail.gmail.com>
In "4.10.14 The keygen element":

>Generate an RSA key pair using the settings given by the user, if appropriate,
>using the md5WithRSAEncryption RSA signature algorithm (the signature
>algorithm with MD5 and the RSA encryption algorithm) referenced in section
>2.2.1 ("RSA Signature Algorithm") of RFC 3279, and defined in RFC 2313.
>[RFC3279] [RFC2313]

Wouldn't it be better to at least recommend sha1WithRSAEncryption or better
even, sha256WithRSAEncryption, given that MD5 is generally considered as
broken?

Best regards,
Martin Bo?let
Received on Thursday, 20 October 2011 11:55:47 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:37 UTC