Re: Certification Authorities are recommended to stop using MD5 altogether
On Thu, 01 Jan 2009, Cristian Ionescu-Idbohrn wrote:
> Still, the original question was (sort of) whether MD5 signed certificates
> like this one:
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 1 (0x1)
> Signature Algorithm: md5WithRSAEncryption
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
> Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
The algorithm used for the self sign doesn't really matter. What you
care about is md5 used in any place but the root of any cert chains
you encounter.
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
Reply to: