* Cristian Ionescu-Idbohrn: > I noticed around 20 certificates distributed with the package > ca-certificates have "Signature Algorithm: md5WithRSAEncryption". > Reason to worry?
These are self-signatures and typically not checked anyway. When these CA certificates are used to issue other certificates, they can use SHA-1, and are not restricted to MD5. (Same comment applies to the certificates with MD2 self-signatures.) Only the CA knows if it still issues certificates with MD5 signatures. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
