signature.ascDescription: OpenPGP digital signature
|
| From: | Daniel Kahn Gillmor |
| Subject: | Re: deprecating MD5 in signature verification for gnutls-{cli, serv} |
| Date: | Mon, 05 Jan 2009 14:31:12 -0500 |
| User-agent: | Mozilla-Thunderbird 2.0.0.17 (X11/20081018) |
On 01/05/2009 01:48 PM, Tomas Mraz wrote:
> If the only MD5 used in signatures is in the _trusted_ CA cert (and not
> in the leaf and intermediate certificates) it is OK. But it is not the
> case of the support.mayfirst.org site. But I don't see how the removal
> of the last selfsigned certificate from the chain could break the
> algorithm. There must be some different bug in play.
I agree with this assessment. It would be really useful in debugging if
certtool was able to use the same internal algorithm that the other
tools use. I'm sorry that i haven't had the time to debug this further yet.
--dkg
signature.asc
Description: OpenPGP digital signature
| [Prev in Thread] | Current Thread | [Next in Thread] |