Sam Morris s...@robots.org.uk writes:
Maybe in a few years, NSS will have disabled the use of MD5 and the
ancient MD2 algorithm. I wonder how many other insecure algorithms are
still lurking in NSS, OpenSSL, GNU TLS, Java, etc...
In GnuTLS, we decided in 2005 that certificate signatures
On Thu, Jan 01, 2009 at 12:45:22PM -0500, Micah Anderson wrote:
On Wed, 31 Dec 2008, Micah Anderson wrote:
Does anyone have a legitimate reason to trust any particular Certificate
Authority?
Yves-Alexis Perez cor...@debian.org writes:
I may be
On Thu, 01 Jan 2009, Cristian Ionescu-Idbohrn wrote:
Still, the original question was (sort of) whether MD5 signed certificates
like this one:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
On Wed, 31 Dec 2008 02:39:53 +0100, Cristian Ionescu-Idbohrn wrote:
http://www.win.tue.nl/hashclash/rogue-ca/
Could some skilled person comment on the article?
I noticed around 20 certificates distributed with the package
ca-certificates have Signature Algorithm: md5WithRSAEncryption.
Yves-Alexis Perez cor...@debian.org writes:
I may be wrong, but I trust the CAs in ca-certificates. I've followed
the addition of French Gvt CA Certificates, and the procedure was strict
enough to give me this impression of trust.
I would hope that other CA are checked to be trustworthy enough
On Wed, 31 Dec 2008 02:39:53 +0100, Cristian Ionescu-Idbohrn wrote:
http://www.win.tue.nl/hashclash/rogue-ca/
Could some skilled person comment on the article?
I noticed around 20 certificates distributed with the package
ca-certificates have Signature Algorithm: md5WithRSAEncryption.
On Thu, Jan 1, 2009 at 9:56 AM, Sam Morris s...@robots.org.uk wrote:
Maybe in a few years, NSS will have disabled the use of MD5 and the
ancient MD2 algorithm. I wonder how many other insecure algorithms are
still lurking in NSS, OpenSSL, GNU TLS, Java, etc...
Having programmed with OpenSSL a
On Wed, 31 Dec 2008, Micah Anderson wrote:
Does anyone have a legitimate reason to trust any particular Certificate
Authority?
Yves-Alexis Perez cor...@debian.org writes:
I may be wrong, but I trust the CAs in ca-certificates. I've followed
the addition
In article 0901011447100.8...@somehost you wrote:
Signature Algorithm: md5WithRSAEncryption
^
should be distributed at all.
Yes, because it is the self signature, but since we distribute the CA
certificate it is not checked but trusted. The
Cristian Ionescu-Idbohrn wrote:
http://www.win.tue.nl/hashclash/rogue-ca/
Could some skilled person comment on the article?
I noticed around 20 certificates distributed with the package
ca-certificates have Signature Algorithm: md5WithRSAEncryption.
Reason to worry?
Hi,
(I'm one of
On Wednesday, 31 December 2008, Cristian Ionescu-Idbohrn wrote:
http://www.win.tue.nl/hashclash/rogue-ca/
Could some skilled person comment on the article?
I noticed around 20 certificates distributed with the package
ca-certificates have Signature Algorithm: md5WithRSAEncryption.
Reason to
* Cristian Ionescu-Idbohrn:
I noticed around 20 certificates distributed with the package
ca-certificates have Signature Algorithm: md5WithRSAEncryption.
Reason to worry?
These are self-signatures and typically not checked anyway. When
these CA certificates are used to issue other
* bgr...@toplitzer.net bgr...@toplitzer.net [2008-12-31 05:47-0500]:
On Wednesday, 31 December 2008, Cristian Ionescu-Idbohrn wrote:
http://www.win.tue.nl/hashclash/rogue-ca/
Could some skilled person comment on the article?
I noticed around 20 certificates distributed with the package
On Wed, Dec 31, 2008 at 02:15:18PM -0500, Micah Anderson wrote:
Does anyone have a legitimate reason to trust any particular Certificate
Authority?
Of course--some charge *lots* of money, and we all know that expensive
bits are better than cheap bits.
Mike Stone
On Wed, 2008-12-31 at 14:15 -0500, Micah Anderson wrote:
Does anyone have a legitimate reason to trust any particular Certificate
Authority?
The trust comes with knowing the procedures a CA uses to verify the
particulars of the people asking (or indeed paying) them to sign
certificates. The
http://www.win.tue.nl/hashclash/rogue-ca/
Could some skilled person comment on the article?
I noticed around 20 certificates distributed with the package
ca-certificates have Signature Algorithm: md5WithRSAEncryption.
Reason to worry?
Cheers,
--
Cristian