On Saturday 14 February 2009, Florian Weimer wrote:
> > Our servers use commercial certificates, with "GTE CyberTrust Global
> > Root" as the root certificate. It apparently is a v1 x509 certificate...
>
> It uses 1024 bit RSA, it is more than ten years old, and GTE
> Cybertrust does not exist anymore--GTE sold Cybertrust to Baltimore,
> Baltimore was sucked in to Betrusted, and Betrusted was bought by
> Verizon, so the key material is controlled by someone else these days.
> (It does not matter that the self-signature uses RSA-MD5.)

This may be true, but it is this certificate that is used as the root by, for example, Terena, the association of all European NRENs, and hence is in use by a very large part of the European academic community.

http://www.terena.org/activities/scs/participants.html

The certificate may be old, but this is unfortunately a given and hard to change.

That said, there are workarounds and of course in critical environments you'd test upgrades in a test environment before deploying them, so it's not the end of the world.

cheers,
Thijs