Re: Whoos with GnuTLS and md5-signed certificates

To: debian-devel@lists.debian.org, debian-release@lists.debian.org
Cc: pkg-gnutls-maint@lists.alioth.debian.org
Subject: Re: Whoos with GnuTLS and md5-signed certificates
From: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: Sat, 14 Feb 2009 15:51:46 +0100
Message-id: <[🔎] 20090214145146.GA7363@downhill.g.la>
Mail-followup-to: debian-devel@lists.debian.org, debian-release@lists.debian.org, pkg-gnutls-maint@lists.alioth.debian.org
In-reply-to: <[🔎] 87bpt5gn5a.fsf@mid.deneb.enyo.de>
References: <[🔎] 20090213134617.GA27183@wavehammer.waldi.eu.org> <[🔎] 87bpt5gn5a.fsf@mid.deneb.enyo.de>

On 2009-02-14 Florian Weimer <fw@deneb.enyo.de> wrote:
> * Bastian Blank:
>> GnuTLS stopped accepting MD5 as a proper signature type for certificates
>> just two weeks before the release. While I don't question the decision
>> themself, MD5 is broken since 4 years, I question the timing.

> GNUTLS has rejected RSA-MD5 signatures in X.509 certificate chains
> since version 1.2.9.
[...]

It has been documented to do so, however the rejection did not work (in
all cases?).

http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Reply to:

References:
- Whoos with GnuTLS and md5-signed certificates
  - From: Bastian Blank <waldi@debian.org>
- Re: Whoos with GnuTLS and md5-signed certificates
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: Bug#515154: ITP: gitg -- git repository viewer for gtk+/GNOME
Next by Date: ITP: mediawiki-smwhalo -- The Halo extension provides usability improvements to Semantic MediaWiki
Previous by thread: Re: Whoos with GnuTLS and md5-signed certificates
Next by thread: Re: Whoos with GnuTLS and md5-signed certificates
Index(es):
- Date
- Thread