Sam Morris writes:
> Maybe in a few years, NSS will have disabled the use of MD5 and the
> ancient MD2 algorithm. I wonder how many other insecure algorithms are
> still lurking in NSS, OpenSSL, GNU TLS, Java, etc...
In GnuTLS, we decided in 2005 that certificate signatures with MD5
should be
On Thu, Jan 01, 2009 at 12:45:22PM -0500, Micah Anderson wrote:
> >>On Wed, 31 Dec 2008, Micah Anderson wrote:
> >>
> >> Does anyone have a legitimate reason to trust any particular Certificate
> >> Authority?
> > Yves-Alexis Perez writes:
> >
> > > I may b
Cristian Ionescu-Idbohrn wrote:
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Could some skilled person comment on the article?
>
> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryption".
> Reason to worry?
>
>
Hi,
(I
In article <0901011447100.8...@somehost> you wrote:
>Signature Algorithm: md5WithRSAEncryption
>^
> should be distributed at all.
Yes, because it is the self signature, but since we distribute the CA
certificate it is not checked but trusted. The qu
>>On Wed, 31 Dec 2008, Micah Anderson wrote:
>>
>> Does anyone have a legitimate reason to trust any particular Certificate
>> Authority?
> Yves-Alexis Perez writes:
>
> > I may be wrong, but I trust the CAs in ca-certificates. I've followed
> > the add of
On Thu, Jan 1, 2009 at 9:56 AM, Sam Morris wrote:
> Maybe in a few years, NSS will have disabled the use of MD5 and the
> ancient MD2 algorithm. I wonder how many other insecure algorithms are
> still lurking in NSS, OpenSSL, GNU TLS, Java, etc...
Having programmed with OpenSSL a fair amount, I c
On Wed, 31 Dec 2008 02:39:53 +0100, Cristian Ionescu-Idbohrn wrote:
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Could some skilled person comment on the article?
>
> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryptio
Yves-Alexis Perez writes:
> I may be wrong, but I trust the CAs in ca-certificates. I've followed
> the add of French Gvt CA Certificates, and the procedure was enough
> strict to give me this trust impression.
>
> I would hope that other CA are checked to be trustworthy enough before
> adding th
On Wed, 31 Dec 2008 02:39:53 +0100, Cristian Ionescu-Idbohrn wrote:
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Could some skilled person comment on the article?
>
> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryptio
On Thu, 01 Jan 2009, Cristian Ionescu-Idbohrn wrote:
> Still, the original question was (sort of) whether MD5 signed certificates
> like this one:
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 1 (0x1)
> Signature Algorithm: md5WithRSAEncryption
> ^
On mer, 2008-12-31 at 14:15 -0500, Micah Anderson wrote:
>
> Does anyone have a legitimate reason to trust any particular
> Certificate Authority?
I may be wrong, but I trust the CAs in ca-certificates. I've followed
the add of French Gvt CA Certificates, and the procedure was enough
strict to g
On Wed, 31 Dec 2008, Micah Anderson wrote:
> Does anyone have a legitimate reason to trust any particular Certificate
> Authority?
Right. Thing is it's not straightforward to remove package
ca-certificates. On my systems, some 60 other packages depend on it :(
The alternative may be to reconfi
On Wed, 2008-12-31 at 14:15 -0500, Micah Anderson wrote:
> Does anyone have a legitimate reason to trust any particular Certificate
> Authority?
The trust comes with knowing the procedures a CA uses to verify the
particulars of the people asking (or indeed paying) them to sign
certificates. The
On Wed, Dec 31, 2008 at 02:15:18PM -0500, Micah Anderson wrote:
> Does anyone have a legitimate reason to trust any particular Certificate
> Authority?
Of course--some charge *lots* of money, and we all know that expensive
bits are better than cheap bits.
Mike Stone
* bgr...@toplitzer.net [2008-12-31 05:47-0500]:
> On Mittwoch, 31. Dezember 2008, Cristian Ionescu-Idbohrn wrote:
> > http://www.win.tue.nl/hashclash/rogue-ca/
> >
> > Could some skilled person comment on the article?
> >
> > I noticed around 20 certificates distributed with the package
> > ca-cer
* Cristian Ionescu-Idbohrn:
> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryption".
> Reason to worry?
These are self-signatures and typically not checked anyway. When
these CA certificates are used to issue other certif
On Mittwoch, 31. Dezember 2008, Cristian Ionescu-Idbohrn wrote:
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Could some skilled person comment on the article?
>
> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryption".
> R
http://www.win.tue.nl/hashclash/rogue-ca/
Could some skilled person comment on the article?
I noticed around 20 certificates distributed with the package
ca-certificates have "Signature Algorithm: md5WithRSAEncryption".
Reason to worry?
Cheers,
--
Cristian
18 matches