
Re: Whoos with GnuTLS and md5-signed certificates

On 02/13/2009 08:46 AM, Bastian Blank wrote:
> GnuTLS stopped accepting MD5 as a proper signature type for certificates
> just two weeks before the release. While I don't question the decision
> itself, MD5 has been broken for 4 years, I question the timing.
> Yesterday several people started to complain that they could no longer
> connect to their LDAP servers, many of them using pam-ldap and nss-ldap.
> A quick look showed certificates in the chain which were signed with MD5.
> Even many commercial or non-commercial CAs out there have MD5-signed
> certs somewhere in the chain and all of them will no longer work now
> until these intermediate certs are trusted explicitly. Most of them
> already switched to SHA1 for their end-user certificates.
> So now we have a change in Lenny which will break many, many machines.
> It is neither properly documented in the NEWS file of the package
> itself nor in the release notes.

The problem is not just MD5 certificates, but also version 1
certificates as certificate authorities.  I agree that the timing is
problematic (perhaps because we should have been through this particular
pain of deprecating MD5 and V1 certs years ago).

I just wrote a blog post trying to outline some concrete steps that
people (users, developers, maintainers, and sysadmins) can take to deal
with these changes:


I'm sure it's not complete, and while I did my best to keep it correct,
some errors may have slipped in too.  Any clarifications or corrections
would be most welcome.

Are there any concrete proposals for how to deal with this
systematically within Debian without leaving GnuTLS users in Lenny
perpetually gullible to MD5-based forgeries, or improperly-trusted V1



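One way to find the certificates this message is about in a PEM chain or CA bundle, as an added example that is not part of the original message or of GnuTLS: it reads each certificate's X.509 version and outer signature algorithm with a minimal DER walker. The function names and the `sample_pem` skeleton builder are assumptions made for the illustration; the skeletons it produces are constructed inputs, not real certificates.

```python
import base64, re

# DER-encoded OID bodies of signature algorithms built on broken hashes.
WEAK_SIG_OIDS = {
    bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",
    bytes.fromhex("2a864886f70d010102"): "md2WithRSAEncryption",
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def inspect_cert(der):
    """Return (x509_version, weak_signature_name_or_None) for one certificate."""
    _, cert, _ = read_tlv(der, 0)              # Certificate ::= SEQUENCE
    _, tbs, after_tbs = read_tlv(cert, 0)      # tbsCertificate
    tag, val, _ = read_tlv(tbs, 0)
    version = 1                                # no [0] version field means v1
    if tag == 0xA0:
        version = int.from_bytes(read_tlv(val, 0)[1], "big") + 1
    _, sig_alg, _ = read_tlv(cert, after_tbs)  # outer signatureAlgorithm
    return version, WEAK_SIG_OIDS.get(bytes(read_tlv(sig_alg, 0)[1]))

def audit_bundle(pem_text):
    """Return (index, [problems]) for every flagged certificate in a PEM bundle."""
    findings = []
    for i, b64 in enumerate(PEM_RE.findall(pem_text)):
        version, weak = inspect_cert(base64.b64decode(b64))
        problems = ["signed with " + weak] if weak else []
        if version == 1:
            problems.append("X.509 v1 (cannot carry basicConstraints; a problem if used as a CA)")
        if problems:
            findings.append((i, problems))
    return findings

def _tlv(tag, body):
    return bytes([tag, len(body)]) + body      # short-form length, samples only

def sample_pem(version, oid_hex):
    """Constructed input: a skeleton with only the fields read above, not a real certificate."""
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + _tlv(0x05, b""))
    ver = _tlv(0xA0, _tlv(0x02, bytes([version - 1]))) if version > 1 else b""
    der = _tlv(0x30, _tlv(0x30, ver + _tlv(0x02, b"\x01") + alg) + alg + _tlv(0x03, b"\x00"))
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"
```

Passing the text of a real chain file to `audit_bundle` lists, by position in the file, each certificate that is MD5- or MD2-signed or is version 1.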