Re: system-wide crypto policies

To: debian-devel@lists.debian.org
Subject: Re: system-wide crypto policies
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 30 Jun 2013 21:25:48 +0200
Message-id: <[🔎] 874ncf4czn.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 51CDFB24.7030200@pocock.com.au> (Daniel Pocock's message of "Fri, 28 Jun 2013 23:07:48 +0200")
References: <[🔎] 51CC3709.7000105@pocock.com.au> <[🔎] 87bo6rnxt8.fsf@mid.deneb.enyo.de> <[🔎] 51CC9DB9.8060101@pocock.com.au> <[🔎] 97b001594faa6654df2bfe01109ef981.squirrel@aphrodite.kinkhorst.nl> <[🔎] 51CDFB24.7030200@pocock.com.au>

* Daniel Pocock:

> Just out of interest, a CA can re-issue their root cert with the same
> key pair but a stronger hash.  This type of thing has happened before.

That's possible because the self-signature is not actually
meaningful. 8-)

It's different further down the tree, and some protocols (including
TLS) do not allow multiple certification chains.

Reply to:

References:
- system-wide crypto policies
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: system-wide crypto policies
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: system-wide crypto policies
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: system-wide crypto policies
  - From: "Thijs Kinkhorst" <thijs@debian.org>
- Re: system-wide crypto policies
  - From: Daniel Pocock <daniel@pocock.com.au>

Prev by Date: Bug#714555: ITP: django-macaddress -- MAC address model and form fields for Django apps
Next by Date: Re: Re: Reporting 1.2K crashes
Previous by thread: Re: system-wide crypto policies
Next by thread: Re: system-wide crypto policies
Index(es):
- Date
- Thread