Re: [whatwg] deprecating <keygen>
From - Fri Sep 04 15:54:32 2015
X-Mozilla-Status: 1015
X-Mozilla-Status2: 00800000
X-Mozilla-Keys: $label1
From: Sarven Capadisli <info@csarven.ca>
Subject: Re: [whatwg] deprecating <keygen>
To: whatwg@whatwg.org
References: <alpine.DEB.2.00.1509031804230.23815@ps20323.dreamhostps.com>
 <alpine.DEB.2.00.1509031804230.23815@ps20323.dreamhostps.com>
Message-ID: <55E9A297.30002@csarven.ca>
Date: Fri, 4 Sep 2015 15:54:31 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <alpine.DEB.2.00.1509031804230.23815@ps20323.dreamhostps.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

On 2015-09-03 18:21:00 +0000, Ian Hickson wrote:
> The post foolip pointed to points out that <keygen> is actually rather
> insecure (e.g. using MD5). One could argue that _keeping_ <keygen> is
> actually more harmful to asymmetric-key cryptography than removing it...

I presume the information you are referring to, which neither Philip
Jägenstedt nor yourself cited, is the following:

"4) <keygen> itself is problematically and incompatibly insecure -
requiring the use of MD5 in a signing algorithm as part of the SPKAC
generated. This can't easily be changed w/o breaking compatibility with
UAs" [1]. Neither did it provide citations or clarify the position.

Nevertheless, '<keygen> & "md5WithRSAEncryption"' [2] offers an
explanation with references, not to mention that it is accompanied with
code and diagram, to help clarify the misunderstanding of [1] and WHATWG.

Does that help?

[1]
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/pX5NbX0Xack/kmHsyMGJZAMJ

[2] https://github.com/whatwg/html/issues/102

-Sarven
http://csarven.ca/#i