23139 2013-09-03 14:24:40 +0000 MD5 is only message digest algorithm mentioned for keygen field 2016-04-22 18:01:00 +0000 1 1 1 Unclassified HTML WG HTML5 spec unspecified All All RESOLVED MOVED P2 editorial --- 1 j.kewley dave.null arronei mathias mike public-html-admin public-html-wg-issue-tracking robin public-html-bugzilla oldest_to_newest 92880 0 j.kewley 2013-09-03 14:24:40 +0000 I was looking at HTML 5.1 Nightly, 4.10.14 The keygen element http://www.w3.org/html/wg/drafts/html/master/forms.html#the-keygen-element It states ---- If the keytype attribute is in the RSA state Generate an RSA key pair using the settings given by the user, if appropriate, using the md5WithRSAEncryption RSA signature algorithm (the signature algorithm with MD5 and the RSA encryption algorithm) referenced in section 2.2.1 ("RSA Signature Algorithm") of RFC 3279, and defined in RFC 2313. [RFC3279] [RFC2313] --- Should SHA1 (or even SHA256 or other "SHA2" algorithms) not be mentioned at least as an alternative? While MD5 should be fine for requests, I understand that support is moving away from it towards the SHA algorithms. Or have I misunderstood the importance of this above statement? 92881 1 robin 2013-09-03 14:33:19 +0000 Last I checked there was very little interest (pretty much none) in evolving keygen. The plan was that additions to this part of the platform would happen in the Web Crypto APIs. As such, I believe that the algorithm just describes the reality of what is implemented, and that there are no plans to enhance that. 126050 2 arronei 2016-04-22 18:01:00 +0000 HTML5.1 Bugzilla Bug Triage: Moved the discussion is now happening in the github issue [1]. Please continue the discussion on that issue if you feel this item has not been fully addressed. Thanks! [1] - https://github.com/w3c/html/issues/43