Hello, Florian Weimer wrote: >>I just built it; it seems to work fine. > > Thanks.
No problem. Do you plan to issue a new DSA that applies this patch to etch's gnutls13? > The usual problem with X.509v1 certificates: if you add something to > the certificate store, assuming it's a server certificate, it turns > into a CA certificate. This might be a problem in some cases. But do you think anyone would still issue X.509v1 certificates? To the best of my knowledge, most server certificates are short-lasting (a few years) and all X.509v1 server certificates should have been expired for long... On the other hand, root certificates are supposed to be long-lasting (a few tens of years), so it's not surprising that some very old root certificates (including X.509v1 ones) are still in use... Regards, -- Nicolas Boullis École Centrale Paris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
