Re: Signature Algorithm: sha1WithRSAEncryption in /etc/pki/tls/cert.pem

2020-04-13 Thread Ryan Sleevi
There’s a lot going on here.

1) The discussion about /etc/pki/tls/cert.pem and ca-certificates belongs
with your distro
2) Assuming your distro ships the Mozilla Root Store, which few do
correctly and successfully, the discussion about root certificates belongs
with mozilla.dev.security.policy instead
3) However, the signature algorithm on a root certificate does not matter,
because the signature on the root isn’t used. Root certificates are just
used as RFC5280 trust anchors, which means only the encoded Subject and
subjectPublicKeyInfo matter.

Hopefully that addresses your concerns!

On Mon, Apr 13, 2020 at 10:33 PM zhujianwei (C) wrote:

> Hi, dev-tech-crypto
>
> I found /etc/pki/tls/cert.pem using 'Signature Algorithm:
> sha1WithRSAEncryption' from ca-certificates package. It is not a safe
> algorithm.
> This is an unsafe algorithm. Are there plans to update to use a more
> secure algorithm?
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
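Point 3 of the reply above, as an added example that is not part of the original thread: a small DER reader that pulls out a certificate's signature algorithm OID next to the two fields a trust anchor actually contributes (encoded Subject and subjectPublicKeyInfo). The function names and the toy certificates (structurally valid, unsigned, with filler key bytes) are constructed for illustration.

```python
import hashlib

SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # sha1WithRSAEncryption OID
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # sha256WithRSAEncryption OID

def tlv(buf, off=0):
    """Decode one DER element: return (tag, value, offset_after_element)."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:                                  # long-form length
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, buf[off:off + n], off + n

def elements(buf):
    """Split a constructed value into (tag, value, full_encoding) triples."""
    out, off = [], 0
    while off < len(buf):
        tag, val, end = tlv(buf, off)
        out.append((tag, val, buf[off:end]))
        off = end
    return out

def cert_view(der):
    """Signature OID plus the trust-anchor inputs (Subject, SPKI) of one cert."""
    tbs, sig_alg, _sig = elements(tlv(der)[1])
    fields = elements(tbs[1])
    if fields[0][0] == 0xA0:                      # skip explicit [0] version
        fields = fields[1:]
    _serial, _alg, issuer, _validity, subject, spki = fields[:6]
    return {"sig_oid": elements(sig_alg[1])[0][1],
            "self_issued": issuer[2] == subject[2],
            "anchor": (subject[2].hex(), hashlib.sha256(spki[2]).hexdigest())}

def enc(tag, *parts):
    """Minimal DER encoder (bodies < 256 bytes), only for the sample below."""
    body = b"".join(parts)
    size = bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])
    return bytes([tag]) + size + body

def sample_root(sig_oid):
    """Constructed toy root: real structure, filler key and signature bytes."""
    alg = enc(0x30, enc(0x06, sig_oid), enc(0x05))
    name = enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03"),
                                   enc(0x0C, b"Example Root"))))
    validity = enc(0x30, enc(0x17, b"200101000000Z"), enc(0x17, b"300101000000Z"))
    spki = enc(0x30, enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d010101")),
                         enc(0x05)), enc(0x03, b"\x00" + b"\x5a" * 16))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")), enc(0x02, b"\x01"),
              alg, name, validity, name, spki)
    return enc(0x30, tbs, alg, enc(0x03, b"\x00" + b"\xa5" * 16))
```

Calling cert_view on sample_root(SHA1_RSA) and sample_root(SHA256_RSA) gives different sig_oid values but an identical anchor tuple. To look at a real bundle, base64-decode each PEM block and pass the resulting DER bytes to cert_view.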


Signature Algorithm: sha1WithRSAEncryption in /etc/pki/tls/cert.pem

2020-04-13 Thread zhujianwei (C)
Hi, dev-tech-crypto

I found /etc/pki/tls/cert.pem using 'Signature Algorithm: 
sha1WithRSAEncryption' from ca-certificates package. It is not a safe algorithm.
This is an unsafe algorithm. Are there plans to update to use a more secure 
algorithm?