|
From: | Nicodemo Alvaro |
Subject: | [Savannah-help-public] [sr #106651] Savannah should use CAcert.org-signed SSL certificates |
Date: | Fri, 27 Feb 2009 02:08:28 +0000 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020517 IceCat/3.0.6-g1 |
Follow-up Comment #6, sr #106651 (project administration): Does Savannah use MD5 for the signature? I recall seeing some documentation on how to verify the ssl certificate and now I do not see it. According to this article, md5 signatures are very bad and have been cracked. Negate Schneier's messages about how nobody cares about SSL; it would be better to worry about what is the best practice. http://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.html _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/support/?106651> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |