Bug#514578: libgnutls26: similar gnutls26 problem with mutt+msmtp after recent update

Chess Griffin chess at chessgriffin.com
Tue Feb 10 23:13:25 UTC 2009

* Daniel Kahn Gillmor <dkg at fifthhorseman.net> [2009-02-10 18:04:44]:

> RapidSSL has been willing to freely re-issue all of its older MD5
> certificates using SHA1 from what i've seen.  I suggest that you contact
> your system administrators and advise them that they are using a
> certificate that requires trust in a known-weak digest algorithm to
> verify.  Since it was issued by RapidSSL, you may wish to point them to
> their FAQ on the subject:
> https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AD125
> We hope to ship lenny with MD5 fully deprecated in GnuTLS so that
> GnuTLS-reliant apps are not subject to forged intermediate certificate
> authorities or other attacks based on a weak digest algorithm.
> Thanks for reporting this,
> 	--dkg


Thank you very much for the helpful information.  I have passed this along
to Tuffmail along with a link to this bug report so hopefully they will
update their certs soon.  Sorry posting noise about what ultimately is
not a bug.  :-)


Chess Griffin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20090210/df2697ef/attachment.pgp 

More information about the Pkg-gnutls-maint mailing list