x509 v1 certificate

Simon Josefsson jas at extundo.com
Mon Sep 25 13:19:23 CEST 2006

Werner Koch <wk at gnupg.org> writes:

> BTW, using root certificates based on MD5 is highly questionable and
> alone good reasons to not support those v1 root certificates.

I think only intermediate and end-entity certificates is a problem in
practice.  The signature in a root CA aka trusted anchor is typically
never verified, so whether it is possible to fake that signature
doesn't matter.  For trusted anchors, it is the public key (and other
information like key usage and basic constraints) in the certificate
you need.

Thus, a RSA-MD5 trust anchor verified using its SHA-1 fingerprint out
of band should be secure.

(I came to this conclusion when we made GnuTLS permit trusted anchors
that used weak signature algorithms.)


More information about the Gnupg-devel mailing list