This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
I was looking at HTML 5.1 Nightly, 4.10.14 The keygen element
http://www.w3.org/html/wg/drafts/html/master/forms.html#the-keygen-element

It states

----
If the keytype attribute is in the RSA state

Generate an RSA key pair using the settings given by the user, if appropriate, using the md5WithRSAEncryption RSA signature algorithm (the signature algorithm with MD5 and the RSA encryption algorithm) referenced in section 2.2.1 ("RSA Signature Algorithm") of RFC 3279, and defined in RFC 2313. [RFC3279] [RFC2313]
----

Should SHA1 (or even SHA256 or other "SHA2" algorithms) not be mentioned at least as an alternative? While MD5 should be fine for requests, I understand that support is moving away from it towards the SHA algorithms.

Or have I misunderstood the importance of this above statement?
Last I checked there was very little interest (pretty much none) in evolving keygen. The plan was that additions to this part of the platform would happen in the Web Crypto APIs. As such, I believe that the algorithm just describes the reality of what is implemented, and that there are no plans to enhance that.
HTML5.1 Bugzilla Bug Triage: Moved; the discussion is now happening in the GitHub issue [1]. Please continue the discussion on that issue if you feel this item has not been fully addressed. Thanks!

[1] - https://github.com/w3c/html/issues/43