This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23139 - MD5 is only message digest algorithm mentioned for keygen field
Status: RESOLVED MOVED
Alias: None
Product: HTML WG
Classification: Unclassified
Component: HTML5 spec
Version: unspecified
Hardware: All All
Importance: P2 editorial
Target Milestone: ---
Assignee: This bug has no owner yet - up for the taking
QA Contact: HTML WG Bugzilla archive list
Reported: 2013-09-03 14:24 UTC by JK
Modified: 2016-04-22 18:01 UTC

Description JK 2013-09-03 14:24:40 UTC
I was looking at HTML 5.1 Nightly, 4.10.14 The keygen element
http://www.w3.org/html/wg/drafts/html/master/forms.html#the-keygen-element

It states
----
If the keytype attribute is in the RSA state
    Generate an RSA key pair using the settings given by the user, if appropriate, using the md5WithRSAEncryption RSA signature algorithm (the signature algorithm with MD5 and the RSA encryption algorithm) referenced in section 2.2.1 ("RSA Signature Algorithm") of RFC 3279, and defined in RFC 2313. [RFC3279] [RFC2313]
---

Should SHA1 (or even SHA256 or other "SHA2" algorithms) not be mentioned at least as an alternative? While MD5 should be fine for requests, I understand that support is moving away from it towards the SHA algorithms.

Or have I misunderstood the importance of this above statement?
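
An added example, not part of the bug report or the HTML spec: a minimal DER walk that reads the signatureAlgorithm OID out of a SignedPublicKeyAndChallenge (the structure keygen submits, after base64 decoding) and flags md5WithRSAEncryption. The sample blobs, the function names and the accept/reject policy are assumptions made for illustration.

```python
SIG_OIDS = {  # OID -> (name, acceptable?); the accept/reject policy is an assumption
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
}

def read_tlv(buf, pos):
    # Return (tag, value, next_pos) for the DER element starting at pos.
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER contents -> dotted string
    subs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)  # base-128 subidentifier, high bit = "more"
        if not b & 0x80:
            subs.append(val)
            val = 0
    if not subs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(subs[0] // 40, 2)  # first subidentifier packs the first two arcs
    return ".".join(str(a) for a in [first, subs[0] - 40 * first] + subs[1:])

def spkac_signature_algorithm(der):
    # SignedPublicKeyAndChallenge ::= SEQUENCE { pkac, signatureAlgorithm, signature }
    tag, outer, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected outer SEQUENCE")
    _, _, pos = read_tlv(outer, 0)  # skip publicKeyAndChallenge
    alg_tag, alg, _ = read_tlv(outer, pos)
    if alg_tag != 0x30 or not alg or alg[0] != 0x06:
        raise ValueError("expected AlgorithmIdentifier starting with an OID")
    dotted = decode_oid(read_tlv(alg, 0)[1])
    return (dotted, *SIG_OIDS.get(dotted, ("unknown", False)))

def sample_spkac(sig_oid):
    # Constructed SPKAC-shaped blob; key, challenge and signature are zero placeholders.
    alg = b"\x30\x0d\x06\x09" + sig_oid + b"\x05\x00"
    body = b"\x30\x03\x04\x01\x00" + alg + b"\x03\x81\x81" + bytes(129)
    return b"\x30\x81" + bytes([len(body)]) + body

MD5_RSA = bytes.fromhex("2a864886f70d010104")     # 1.2.840.113549.1.1.4
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
```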

Comment 1 Robin Berjon 2013-09-03 14:33:19 UTC
Last I checked there was very little interest (pretty much none) in evolving keygen. The plan was that additions to this part of the platform would happen in the Web Crypto APIs. As such, I believe that the algorithm just describes the reality of what is implemented, and that there are no plans to enhance that.

Comment 2 Arron Eicholz 2016-04-22 18:01:00 UTC
HTML5.1 Bugzilla Bug Triage: Moved; the discussion is now happening in the GitHub issue [1]. Please continue the discussion on that issue if you feel this item has not been fully addressed. Thanks!

[1] - https://github.com/w3c/html/issues/43