Huh? It is relevant. But it is irrelevant for anything that is self-signed. Isn't it obvious?
On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote: > > > Am 29.03.2018 um 20:29 schrieb Alex Smirnoff: > > Could you elaborate, exactly how weak hash could matter for self-signed > > certificate? Without vague references like "if you don't want to trust > > the NSA and NIST". I do not see any of those organisations stating that > > weak hash is dangerous for a situation where signature itself is > > irrelevant > > if the signature is irrelevant why do you use https at all? > WTF! > > there is no technical difference between your self-signed stuff or > certificates signed by a public CA except that you *one time* need to make > an exception in the client > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
