* bgrpt3@toplitzer.net <bgrpt3@toplitzer.net> [2008-12-31 05:47-0500]: > On Mittwoch, 31. Dezember 2008, Cristian Ionescu-Idbohrn wrote: > > http://www.win.tue.nl/hashclash/rogue-ca/ > > > > Could some skilled person comment on the article? > > > > I noticed around 20 certificates distributed with the package > > ca-certificates have "Signature Algorithm: md5WithRSAEncryption". > > Reason to worry? > > > > It is a problem. It's a reason to worry. > But it is only one of many. > (They mentioned that in their presentation: It's a matter > of trust :-) ) > Don't trust certificates too much. Does anyone have a legitimate reason to trust any particular Certificate Authority? micah
Attachment:
signature.asc
Description: Digital signature