[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "Certification Authorities are recommended to stop using MD5 altogether"

* Cristian Ionescu-Idbohrn:

> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryption".
> Reason to worry?

These are self-signatures and typically not checked anyway.  When
these CA certificates are used to issue other certificates, they can
use SHA-1, and are not restricted to MD5.  (Same comment applies to
the certificates with MD2 self-signatures.)

Only the CA knows if it still issues certificates with MD5 signatures.

Reply to: