It is relevant. But it is irrelevant for anything that is self-signed.
Isn't it obvious?

On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
> Am 29.03.2018 um 20:29 schrieb Alex Smirnoff:
> > Could you elaborate, exactly how weak hash could matter for self-signed
> > certificate? Without vague references like "if you don't want to trust
> > the NSA and NIST". I do not see any of those organisations stating that
> > weak hash is dangerous for a situation where signature itself is
> > irrelevant
> if the signature is irrelevant why do you use https at all?
> WTF!
> there is no technical difference between your self-signed stuff or
> certificates signed by a public CA except that you *one time* need to make
> an exception in the client
> _______________________________________________
> Openvas-discuss mailing list
Openvas-discuss mailing list

Reply via email to