I do think that the end-user should be able to override the security weakness warning. - Miron Cuperman
How do we mitigate that a large group of CA's still use MD5 instead of using the SHA certs. We cannot force a change on them and all we would do is remove potentially harmful services from users. MD5 is still a valid hashing function, just not a valid cryptographic function. We should be pushing as a community for CA's to move to SHA based hashes which are still cryptographically sound. -- Stop honoring digital signatures based on MD5 hashes https://bugs.launchpad.net/bugs/312536 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
