Re: deprecating MD5 in signature verification for gnutls-{cli, serv}

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: deprecating MD5 in signature verification for gnutls-{cli, serv}

From:	Daniel Kahn Gillmor
Subject:	Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Date:	Tue, 06 Jan 2009 20:08:44 -0500
User-agent:	Mozilla-Thunderbird 2.0.0.17 (X11/20081018)

On 01/06/2009 04:50 PM, Simon Josefsson wrote:
> I agree, Daniel please backport it.  Please also add NEWS items for the
> change.

OK, this is now done.  i've backported for 2.6, but not for any earlier
branch.  this is such a trivial change that it would be no problem for
me to backport it to other branches if folks think that's the right
thing to do.  What branches are we targetting for this level of support?

> To avoid regressions, I'm adding the chain to the self-tests.  It would
> be useful if we had a more comprehensive self-test suite for X.509
> chaining, given the three latest problems it seems this is an
> under-tested area.  There is the PKITS stuff, but its license is
> unclear...

Thanks for adding that test, simon.

        --dkg

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: deprecating MD5 in signature verification for gnutls-{cli, serv}, (continued)

Prev by Date: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Next by Date: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Previous by thread: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Next by thread: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Index(es):
- Date
- Thread