On Tue, Mar 09, 1999 at 09:32:45AM +0100, Michael Hallgren wrote:
> On Mon, Mar 08, 1999 at 11:35:27PM +0100, Erwann ABALEA wrote:
> > On Mon, 8 Mar 1999, J. Andres Hall wrote:
> >
> > > >> Not much of one, of course, since whoever modified it could also modify
> > > >> the MD5!
> > > >
> > > >Correct, the MD5 is actually intended to just let people quicky check wheter
> > > >some download/transfer errors occured. For real guarantee we should sign it
> > > >via PGP.
> > > > Ralf S. Engelschall
> > >
> > >
> > > Why would you use PGP to sign the source of an X.509-capable Package?
> >
> > Maybe because OpenSSL is full of backdoors and the core team don't trust
> > it??? ;-)
>
>
> :-)
>
>
>
> >
> > Just kidding...
> >
> > Anyway, that's a good question, there's a real need to perform PKCS#7
> > signing, or S/MIME signing... or anything that could be useful in this
> > sense...
>
>
>
> I agree. MD5 check shouldn't be taken for more than it is ! I'd rather go
> for PGP or why not (?) its Gnu equivalent.
>
The real problem is (probably) to decide upon a standard ;). I believe Erwann's
right speaking PKCS.
mh
>
> Cheers
>
> mh
>
> >
> > --
> > Erwann ABALEA
> > System and Development Engineer - Certplus SA
> > [EMAIL PROTECTED]
> > - RSA PGP Key ID: 0x2D0EABD5 -
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> --
> Michael Hallgren, Graphnet Systems, http://mh.graphnet.fr
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Michael Hallgren, Graphnet Systems, http://mh.graphnet.fr
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
