* Philipp Kern:

> Those are Root CAs with MD2 signatures on them. This does not mean that they
> use MD2 to sign others, of course. Are those an attack vector and ought those
> to be dropped from the package?

The attack vector requires a complete break of MD2. You'd take that published RSA-based self-signature on an MD2 hash value, and construct something which hashes to the same value under MD2, but is more meaningful than a self-signature (it could be another CA certificate, for instance).

Cryptographically, self-signatures on root CA certificates do not matter. Some implementations check them, but this is a mere consistency check, adding no security value.
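
Added example, not part of the original message: a Python triage that separates the two cases discussed in this thread, an MD2 self-signature on a root versus an MD2 signature made by a different issuer, which relying parties actually verify. The minimal DER walker, the `classify` labels, the issuer-equals-subject test for "self-signed", and the skeletal sample certificates are assumptions made for illustration.

```python
MD2_RSA = "1.2.840.113549.1.1.2"  # md2WithRSAEncryption
MD2_HEX, SHA256_HEX = "2a864886f70d010102", "2a864886f70d01010b"  # DER OID bodies

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(b):
    arcs, n = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def classify(der):
    _, cert, _ = read_tlv(der, 0)
    (_, tbs), (_, sig_alg), _ = children(cert)
    fields = children(tbs)
    if fields[0][0] == 0xA0:  # skip the optional explicit version field
        fields = fields[1:]
    issuer, subject = fields[2][1], fields[4][1]
    if decode_oid(children(sig_alg)[0][1]) != MD2_RSA:
        return "not-md2"
    # Assumption: issuer == subject is treated as a self-signed root.
    return "md2-self-signature" if issuer == subject else "md2-signed-by-issuer"

# Constructed sample input: skeletal v1 certificates, not real CA data.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))

def sample(issuer_cn, subject_cn, oid_hex):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))
```

Only the `md2-signed-by-issuer` result marks a certificate whose MD2 signature is what a verifier relies on; `md2-self-signature` is the root case the reply describes as a consistency check.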

