Florian Weimer <f...@deneb.enyo.de> writes:

> * Simon Josefsson:
>
>> What can be done here is to produce better documentation, perhaps in
>> release notes.  People must be aware that trusting X.509 certificate
>> chains containing RSA-MD5 signatures or V1 CAs is insecure.
>
> I think it is somewhat debatable if this also applies to the root CA
> container, where the X.509 structure is just used as a transport for
> key material.  The RSA-MD5 signature does not hurt there

Agreed.  That is how GnuTLS works now; it doesn't validate signatures in
trusted CA certificates.

> and the DN doesn't really matter, either.

The SubjectDN of the CA needs to match the IssuerDN of the next cert in
the chain.

> The risk I see is that someone adds a v1 *server* certificate to the
> trusted list, without realizing that it will act as a *CA* certificate
> in this place.

Exactly.

/Simon
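
An added example, not part of the original message or of GnuTLS: a standard-library Python check that reads the version and signature algorithm from a DER certificate, so a trusted list can be reviewed for the v1 entries discussed above. The function names, result keys and sample certificates are hypothetical; the samples are constructed skeletons, not usable certificates.

```python
# Added example: review trusted-list entries for X.509 v1 and RSA-MD5.
MD5_WITH_RSA = bytes.fromhex("2a864886f70d010104")     # OID 1.2.840.113549.1.1.4
SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def audit_anchor(der):
    """Report version and signature algorithm of one trusted certificate."""
    _, cert, _ = read_tlv(der)              # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert)              # TBSCertificate ::= SEQUENCE
    tag, val, pos = read_tlv(tbs)
    version = 1                             # version DEFAULT v1 when [0] is absent
    if tag == 0xA0:                         # [0] EXPLICIT Version
        version = int.from_bytes(read_tlv(val)[1], "big") + 1
        tag, val, pos = read_tlv(tbs, pos)  # step over serialNumber
    _, alg, _ = read_tlv(tbs, pos)          # signature AlgorithmIdentifier
    oid = read_tlv(alg)[1]
    return {"version": version,
            # v1 has no extensions, so nothing marks the entry as "not a CA"
            "v1_trusted_as_ca": version == 1,
            # informational for a trust anchor: its own signature is not validated
            "rsa_md5_signature": oid == MD5_WITH_RSA}

def tlv(tag, value):
    """Short-form DER encoder, used only to build the constructed samples."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def sample_cert(version, sig_oid):
    """Constructed skeleton: empty issuer, dummy signature, fields after issuer omitted."""
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    ver = b"" if version == 1 else tlv(0xA0, tlv(0x02, bytes([version - 1])))
    tbs = tlv(0x30, ver + tlv(0x02, b"\x01") + alg + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    for v, oid in ((1, MD5_WITH_RSA), (3, SHA256_WITH_RSA)):
        print(audit_anchor(sample_cert(v, oid)))
```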