Re: deprecating MD5 in signature verification for gnutls-{cli, serv}

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: deprecating MD5 in signature verification for gnutls-{cli, serv}

From:	Simon Josefsson
Subject:	Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Date:	Tue, 06 Jan 2009 22:50:56 +0100
User-agent:	Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

Nikos Mavrogiannopoulos <address@hidden> writes:

> Daniel Kahn Gillmor wrote:
>> On 01/06/2009 03:40 AM, Nikos Mavrogiannopoulos wrote:
>>> Looks like the correct thing to do. Apply it!
>
>> OK, it's applied to the git head.  Is this something that should be
>> backported to the 2.6 branch? 
>
> Since it is a bugfix i think it qualifies for backporting, but Simon
> should have the last word on that.

I agree, Daniel please backport it.  Please also add NEWS items for the
change.

To avoid regressions, I'm adding the chain to the self-tests.  It would
be useful if we had a more comprehensive self-test suite for X.509
chaining, given the three latest problems it seems this is an
under-tested area.  There is the PKITS stuff, but its license is
unclear...

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, (continued)
- Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Tomas Mraz, 2009/01/05
  - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Tomas Mraz, 2009/01/05
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Simon Josefsson, 2009/01/06
  - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Daniel Kahn Gillmor, 2009/01/05
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Daniel Kahn Gillmor, 2009/01/06
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Daniel Kahn Gillmor, 2009/01/06
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Nikos Mavrogiannopoulos, 2009/01/06
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Daniel Kahn Gillmor, 2009/01/06
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Nikos Mavrogiannopoulos, 2009/01/06
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Daniel Kahn Gillmor, 2009/01/06
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Simon Josefsson <=
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Daniel Kahn Gillmor, 2009/01/06
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Simon Josefsson, 2009/01/07
    - Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, Simon Josefsson, 2009/01/06

Prev by Date: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Next by Date: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Previous by thread: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Next by thread: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Index(es):
- Date
- Thread