Bug 13518 - "The keygen element": The only supported signature algorithm is the outdated and insecure md5WithRSAEncryption. The element should at least have an optional signature algorithm, with the option to use the more secure sha1WithRSAEncryption and sha256WithRS
Status: RESOLVED NEEDSINFO
Product: HTML WG
Classification: Unclassified
Component: LC1 HTML5 spec
Version: unspecified
Hardware: Other other
Importance: P3 normal
Assigned To: Ian 'Hixie' Hickson
QA Contact: HTML WG Bugzilla archive list
URL: http://www.whatwg.org/specs/web-apps/...
Reported: 2011-08-02 09:25 UTC by contributor
Modified: 2011-08-14 09:31 UTC (History)
Description contributor 2011-08-02 09:25:36 UTC
Specification: http://dev.w3.org/html5/spec/spec.html
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top

Comment:
"The keygen element":
The only supported signature algorithm is the outdated and insecure
md5WithRSAEncryption.

The element should at least have an optional signature algorithm, with the
option to use the more secure sha1WithRSAEncryption and
sha256WithRSAEncryption. Even better would be if md5WithRSAEncryption was not
supported or at least not the default - but that might of course cause
problems for legacy implementations.

Posted from: 193.162.155.202
User agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.8 Safari/535.1
Comment 1 Michael[tm] Smith 2011-08-04 05:02:07 UTC
mass-moved component to LC1
Comment 2 bblfish 2011-08-06 13:12:22 UTC
The MD5 situation can be mitigated by the server using a time based challenge. The challenge gets added to the generated public key and both get signed. This can reduce the attack surface to a few minutes. I doubt md5 is not up to that.

Better signature would be better of course. But it is not clear to me what is gained anyway by this signature. What attack is it warding off against? Nothing can be done anyway with a certificate for which one does not have the private key.
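
The time-based challenge described in Comment 2, sketched as server-side Python. This is an added example, not part of the original thread or of any browser or spec code. The names `SERVER_KEY`, `issue_challenge`, `check_challenge`, the session binding and the 300-second window are assumptions, and it covers only the challenge, so verifying the signature over the submitted key and challenge remains a separate step.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key (assumption); a real server loads this from its secret store.
SERVER_KEY = secrets.token_bytes(32)
MAX_AGE_SECONDS = 300  # assumed value for the "few minutes" window


def _tag(session_id, body):
    # Bind the challenge to one session so it cannot be reused from another.
    msg = f"{session_id}|{body}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(session_id, now=None):
    """Build the string placed in the keygen element's challenge attribute."""
    issued = int(time.time() if now is None else now)
    body = f"{issued}.{secrets.token_hex(8)}"
    return f"{body}.{_tag(session_id, body)}"


def check_challenge(session_id, challenge, now=None):
    """Validate the challenge recovered from the signed key-plus-challenge blob."""
    parts = challenge.split(".")
    if len(parts) != 3:
        return False
    issued_s, nonce, tag = parts
    expected = _tag(session_id, f"{issued_s}.{nonce}")
    # Authenticate first: only a server-issued timestamp is trusted below.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    current = int(time.time() if now is None else now)
    age = current - int(issued_s)
    # Reject expired challenges and ones dated in the future.
    # Replay inside the window is still possible unless the nonce is
    # also recorded as used once it has been accepted.
    return 0 <= age <= MAX_AGE_SECONDS


if __name__ == "__main__":
    c = issue_challenge("sess-1")
    print(c, check_challenge("sess-1", c))
```
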
Comment 3 Anne 2011-08-14 09:31:29 UTC
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document: <http://dev.w3.org/html5/decision-policy/decision-policy.html>.

Status: Rejected
Change Description: no spec change
Rationale: Is there any interest from vendors in expanding the scope of this element? It seems the current direction for cryptography on the web is APIs.