Huh?

It is relevant. But it is irrelevant for anything that is self-signed.
Isn't it obvious?

On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
> 
> 
> Am 29.03.2018 um 20:29 schrieb Alex Smirnoff:
> > Could you elaborate, exactly how weak hash could matter for self-signed
> > certificate? Without vague references like "if you don't want to trust
> > the NSA and NIST". I do not see any of those organisations stating that
> > weak hash is dangerous for a situation where signature itself is
> > irrelevant
> 
> if the signature is irrelevant why do you use https at all?
> WTF!
> 
> there is no technical difference between your self-signed stuff or
> certificates signed by a public CA except that you *one time* need to make
> an exception in the client
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Reply via email to