x509 v1 certificate
Simon Josefsson
jas at extundo.com
Mon Sep 25 13:19:23 CEST 2006
Werner Koch <wk at gnupg.org> writes:
> BTW, using root certificates based on MD5 is highly questionable and
> alone good reasons to not support those v1 root certificates.
I think only intermediate and end-entity certificates are a problem in
practice. The signature in a root CA aka trusted anchor is typically
never verified, so whether it is possible to fake that signature
doesn't matter. For trusted anchors, it is the public key (and other
information like key usage and basic constraints) in the certificate
you need.
Thus, an RSA-MD5 trust anchor verified using its SHA-1 fingerprint out
of band should be secure.
(I came to this conclusion when we made GnuTLS permit trusted anchors
that used weak signature algorithms.)
/Simon
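As an added illustration of the point made above (example code written for this page, not from the original post, GnuTLS or GnuPG), the Go program below uses the standard crypto/x509 path validator as the verifier: it builds a constructed test root whose self-signature is deliberately corrupted, standing in for a signature no one should rely on, and shows that an end-entity certificate still validates against that anchor while the anchor's own signature does not verify, so the SHA-1 fingerprint compared out of band is what actually authenticates the anchor. The names "Constructed Test Root" and leaf.example.test are made up for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// must unwraps a (value, error) pair, panicking on failure so the example stays short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// buildChain returns a constructed test root with a deliberately corrupted self-signature (standing in for
// one a verifier must not rely on, e.g. RSA-MD5) and an end-entity certificate correctly signed by its key.
func buildChain() (root, leaf *x509.Certificate) {
	rootKey, leafKey := must(rsa.GenerateKey(rand.Reader, 2048)), must(rsa.GenerateKey(rand.Reader, 2048))
	now := time.Now()
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test Root"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	rootDER := must(x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey))
	// The signature BIT STRING is the last DER element: flipping its final byte breaks only the self-signature.
	rootDER[len(rootDER)-1] ^= 0xff
	root = must(x509.ParseCertificate(rootDER))
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "leaf.example.test"},
		DNSNames: []string{"leaf.example.test"}, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey))))
	return root, leaf
}
// chainVerifies runs ordinary path validation of leaf against a pool holding only root; nothing in it checks the root's own signature.
func chainVerifies(root, leaf *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: "leaf.example.test"})
	return err == nil
}
// fingerprint is the SHA-1 over the anchor's DER, the value compared against the out-of-band copy.
func fingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha1.Sum(c.Raw)) }

func main() {
	root, leaf := buildChain()
	fmt.Println("root self-signature verifies:", root.CheckSignatureFrom(root) == nil) // false
	fmt.Println("leaf chains to the anchor:", chainVerifies(root, leaf), "| anchor SHA-1:", fingerprint(root)) // true, then the hex digest
}
```

The fingerprint is what an operator would compare with the value obtained out of band before adding the anchor to the pool; path validation itself never looks at the anchor's signature algorithm.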