This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Section 18.2 lists recommended algorithms for implementers to promote interoperability. This list is based on a mixture of criteria including cryptographic strength and breadth of adoption. Based on these criteria, the following algorithms (adopted by JOSE when working from similar criteria) are candidates for adding to this section: • RSASSA-PKCS1-v1_5 using SHA-256 (This is in the Recommended set for JOSE, and more secure than the SHA-1 variant in the spec.) • RSA-OAEP using SHA-1 and MGF1 with SHA-1 (This is the RFC 3447 default and the mostly widely deployed OAEP variant. It is also the variant used by JOSE) (also see discussion at http://lists.w3.org/Archives/Public/public-webcrypto/2014Apr/0085.html)
In order to progress towards exit to Last Call for the Web Crypto API, the chair suggests the following resolution for that bug. Resolution : Bug RESOLVED as WONTFIX. Based on the fact that no contribution was made to the specification and no other WG participant supported the request. If none objects before the 20th of Oct @20:00 UTC, this resolution will be endorsed.
Closing according to Chair's proposed resolution.