[pkg-gnupg-maint] Bug#870497: dirmngr: SKS keyserver network CA certificate uses SHA1 for the fingerprint
Paul Wise
pabs at debian.org
Wed Aug 2 16:00:45 UTC 2017
Package: dirmngr
Version: 2.1.18-8
Severity: wishlist
File: /usr/share/gnupg/sks-keyservers.netCA.pem
I noticed that the SKS keyserver network CA certificate uses SHA1 for
the fingerprint. Since browser vendors are phasing out SHA1 certs,
the SKS keyserver network should probably do that too.
$ openssl x509 -in /usr/share/gnupg/sks-keyservers.netCA.pem -text -noout | grep -i sha1
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dirmngr depends on:
ii adduser 3.115
ii libassuan0 2.4.3-2
ii libc6 2.24-12
ii libgcrypt20 1.7.8-2
ii libgnutls30 3.5.14-2
ii libgpg-error0 1.27-3
ii libksba8 1.3.5-2
ii libldap-2.4-2 2.4.45+dfsg-1
ii libnpth0 1.5-2
ii lsb-base 9.20161125
Versions of packages dirmngr recommends:
ii gnupg 2.1.18-8
Versions of packages dirmngr suggests:
pn dbus-user-session <none>
ii libpam-systemd 234-2
ii pinentry-gnome3 1.0.0-2
ii tor 0.3.0.9-1
-- no debconf information
--
bye,
pabs
https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170802/5ffd2810/attachment.sig>
More information about the pkg-gnupg-maint
mailing list