New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
better integration with xml-encryption 1.1.0 release #429
Comments
@markstos Is this something that we wanted to address for the upcoming v3 release? |
@cjbarth We could enable the first phase-- issuing warnings by default for algorithms that are insecure that we will be dropping in a future release. Also, if we are able to enable the GCML algorithms to be in sync with the spec, we should (assuming they are still considered secure). In version three, we could have an "insecure algorithms option" that defaults to true-with-warning, with the option to go ahead and disable the insecure algorithms. So yes, I think it would good to address aspects of this in the next version. |
I was thinking that we could do like we did with a few other things and release a small PR for 2.x that has warnings and then just use the switch for the 3.x branch that we're building now. |
That works too. |
I'll gladly review a PR from you on that and I can probable make the 2.x deprecation version that matches the changes you make. |
I'd like to address multiple issues with our relationship with the xml-encryption package:
The text was updated successfully, but these errors were encountered: