|
From: | Daniel Kahn Gillmor |
Subject: | Re: deprecating MD5 in signature verification for gnutls-{cli, serv} |
Date: | Mon, 05 Jan 2009 14:31:12 -0500 |
User-agent: | Mozilla-Thunderbird 2.0.0.17 (X11/20081018) |
On 01/05/2009 01:48 PM, Tomas Mraz wrote: > If the only MD5 used in signatures is in the _trusted_ CA cert (and not > in the leaf and intermediate certificates) it is OK. But it is not the > case of the support.mayfirst.org site. But I don't see how the removal > of the last selfsigned certificate from the chain could break the > algorithm. There must be some different bug in play. I agree with this assessment. It would be really useful in debugging if certtool was able to use the same internal algorithm that the other tools use. I'm sorry that i haven't had the time to debug this further yet. --dkg
signature.asc
Description: OpenPGP digital signature
[Prev in Thread] | Current Thread | [Next in Thread] |