At 1:16 PM -0800 12/30/08, Nelson B Bolyard wrote:
>Paul Hoffman wrote, On 2008-12-30 12:43:
>> At 8:39 AM -0800 12/30/08, Nelson B Bolyard wrote:
>>> The upshot of this is probably going to be that, in a short time, all
>>> the world's browsers (and PKI software in general) stop supporting MD5
>>> for use in digital signatures.
>
>I should have written: digital signatures on certificates.

Actually, you were quoting someone else.

>The patch that I wrote only affects signatures on digital certificates.

Good. I am quite concerned if we start affecting signatures in things like Thunderbird.

>Agreed. For that matter, we could permit MD5 signatures on certs whose
>serial numbers are known to be random rather than sequential. But that's
>not easy to determine by examining the cert itself.

Correct. Let's not add a second layer of heuristics here.

>> Of course, the trust anchor store for Firefox should be revised as soon
>> as possible to include no trust anchors that use MD5 in their signature
>> algorithm.
>
>Well, of course, it's not the signature on the root CA cert itself that
>matters. It's the signature algorithm used on the certs issued by the
>root. And the issuer is always free to change that whenever they wish.
>(Maybe they would have to change their CP/CPS if they did that.) No
>change to the trust anchor itself is required.

Arrgh, I totally forgot that. alg-on-TA != alg-on-certs. One day I'll have that more firmly in my brain.

>> Similarly, the trust anchor store for Firefox should be revised as soon
>> as possible to include no trust anchors that use MD5 in their signature
>> algorithm.
>
>The last two sentences are both about MD5. Did you mean MD2?

Yes, sorry.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
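The "alg-on-TA != alg-on-certs" point above, as an added example that is not part of the thread and not NSS code: a small DER walker that pulls the outer signatureAlgorithm OID out of each certificate in a path and flags MD2/MD5 only on the certificates whose signatures path validation actually verifies, skipping the trust anchor's self-signature. The certificates it is run on are constructed stubs (a serial number, the algorithm under test and a dummy signature), built by the `stub_certificate` helper for illustration, not real certificates, and the OID table covers only the RSA signature algorithms named here.

```python
"""Flag MD2/MD5 signatures on the certs a path verifies (issued certs),
ignoring the self-signature on the trust anchor.

Added example, not from the thread and not NSS code. The certificates
it is run on are constructed stubs that carry only the fields the check
reads; they are not real or verifiable certificates."""

# RSA signature-algorithm OIDs (RFC 3279 / RFC 4055) recognised here.
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK_SIG_ALGS = {"1.2.840.113549.1.1.2", "1.2.840.113549.1.1.4"}


def _read_tlv(buf, off):
    """Decode one DER tag-length-value at buf[off]; return (tag, value, next_off)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                     # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length


def _decode_oid(raw):
    """Turn OBJECT IDENTIFIER content octets into dotted-decimal form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                     # base-128, high bit = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm_oid(cert_der):
    """Dotted OID from the outer signatureAlgorithm of a DER Certificate:
    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, body, _ = _read_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    _, _tbs, off = _read_tlv(body, 0)                 # skip tbsCertificate
    tag, alg_id, _ = _read_tlv(body, off)             # AlgorithmIdentifier SEQUENCE
    assert tag == 0x30, "signatureAlgorithm must be a SEQUENCE"
    tag, oid_raw, _ = _read_tlv(alg_id, 0)
    assert tag == 0x06, "AlgorithmIdentifier must start with an OID"
    return _decode_oid(oid_raw)


def weak_signatures_in_path(chain_der):
    """chain_der: leaf first, trust anchor last. Returns [(index, alg_name)]
    for every cert signed with MD2/MD5. The anchor's own self-signature is
    never verified during path validation, so the last cert is skipped: what
    matters is the algorithm the anchor used on the certs it issued."""
    findings = []
    for i, der in enumerate(chain_der[:-1]):
        oid = signature_algorithm_oid(der)
        if oid in WEAK_SIG_ALGS:
            findings.append((i, SIG_ALG_NAMES.get(oid, oid)))
    return findings


# --- constructed test fixtures (illustration only, not real certificates) ---

def _tlv(tag, content):
    n = len(content)
    if n < 128:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def stub_certificate(sig_alg_oid, serial=1):
    """Stand-in DER Certificate: tbsCertificate holding only a one-byte serial
    (1..127), the signatureAlgorithm under test with NULL params, and a dummy
    BIT STRING signature. Enough for the structural check above, nothing more."""
    tbs = _tlv(0x30, _tlv(0x02, bytes([serial])))
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(sig_alg_oid)) + _tlv(0x05, b""))
    sig = _tlv(0x03, b"\x00" + b"\x00" * 16)
    return _tlv(0x30, tbs + alg + sig)


MD5 = "1.2.840.113549.1.1.4"
SHA256 = "1.2.840.113549.1.1.11"
# Only the anchor's self-signature is MD5: nothing to flag.
ANCHOR_SELF_SIGNED_MD5 = [stub_certificate(SHA256), stub_certificate(SHA256), stub_certificate(MD5)]
# The anchor issued the intermediate with MD5: index 1 is flagged.
ISSUED_WITH_MD5 = [stub_certificate(SHA256), stub_certificate(MD5), stub_certificate(SHA256)]

if __name__ == "__main__":
    print(weak_signatures_in_path(ANCHOR_SELF_SIGNED_MD5))   # []
    print(weak_signatures_in_path(ISSUED_WITH_MD5))          # [(1, 'md5WithRSAEncryption')]
```

The check deliberately reads only the outer signatureAlgorithm field and does not look at serial numbers, in keeping with the thread's decision not to layer a randomness heuristic on top of the algorithm ban; a real implementation would also compare the outer field against tbsCertificate.signature (RFC 5280 requires them to match) rather than trusting either alone.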