Wan-Teh Chang wrote:
Does anyone know why HTML5 specifies <keygen> must use the
md5WithRSAEncryption signature algorithm?  Was the use of MD5
discussed when <keygen> was standardized in HTML5?

Eddy, does your CA accept a SignedPublicKeyAndChallenge (SPKAC)
structure signed using sha1WithRSAEncryption?

Wan-Teh

I don't think that the hash function over the request that
- is used once
- is impossible to link to a particular container
- is always used over HTTPS
actually represents a problem since a (correctly written) CA
ignores all but the public key when it issues the certificate.

PKCS #10, SPKAC, CRMF were not designed for browser provisioning
since in a browser scenario you have a "session", making it fairly
redundant to send stuff back and forth that you (the CA) already
know.  As a "challenge" the additional stuff is fine though.

BTW, <keygen> was never standardized[*], because that would have
sunk the entire work since an average crypto standard takes
years to complete.  KEYPROV is now wrapping up after almost 4
years of work.

Anders

*] Nobody even cared to put together any requirements...
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto