> if you're not sure you trust MD5, you're sorta doing it wrong. MD5 has been > deprecated already.
Yes, that's what i'm alluding to. [note the phrasing is a takeoff on original post in this thread] > there was just one SSL vendor shipping certs with MD5 signatures, and > they were supposed to get in touch with the customers to replace their > certs. I've always purchased from GoDaddy and they have been signing it > with SHA-1 for a long time. Most web surfers are not likely to know whether the HTTPS site that they are about to visit, has MD5 or SHA1 for the signature of the site's cert. So the need is for *all* sites everywhere to migrate off MD5. Not sure what the status of that is. /Randall [resend]
