This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
I know you warned me about this, but the use of the words "Recommended algorithms" is somewhat confusing, especially since the list includes several weak algorithms. Any chance the section can be titled "Recommended algorithms for backwards compatibility"?

I would encourage the authors to not give AES-CBC as example code. This should be changed to AES-GCM. Why is AES-CFB on the list?

----

AES-CBC should not be used for encryption at all in his opinion. Mike Jones disagreed, noting it could be used correctly. A note specifying that AES-CBC should not be used for new protocols (at least without authentication). Dan would encourage use AES-PSM be added, refer to IETF (http://datatracker.ietf.org/doc/draft-mcgrew-aead-aes-cbc-hmac-sha2/) or federal version. Noting that AES-CFB also has issues, should also in Dan's opinion be removed or warned, even if it's not recommended.

- Dan Boneh
Addressed on the mailing list to no further response.