Bug#514807: Regression in libgnutls security update
Simon Josefsson
simon at josefsson.org
Thu Feb 12 09:32:07 UTC 2009
Florian Weimer <fw at deneb.enyo.de> writes:
> * Simon Josefsson:
>
>> What can be done here is to produce better documentation, perhaps in
>> release notes. People must be aware that trusting X.509 certificate
>> chains containing RSA-MD5 signatures or V1 CAs is insecure.
>
> I think it is somewhat debatable if this also applies to the root CA
> container, where the X.509 structure is just used as a transport for
> key material. The RSA-MD5 signature does not hurt there
Agreed. That is how GnuTLS works now; it doesn't validate signatures in
trusted CA certificates.
> and the DN doesn't really matter, either.
The SubjectDN of the CA needs to match the IssuerDN of the next cert in
the chain.
> The risk I see is that someone adds a v1 *server* certificate to the
> trusted list, without realizing that it will act as a *CA* certificate
> in this place.
Exactly.
/Simon
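The two checks discussed in this exchange, as an added example that is not part of the mail thread or of GnuTLS itself: a small trust-store lint that flags X.509 v1 entries (which carry no basicConstraints and so are usable as CAs once placed in a trust list) and v3 entries not marked cA=TRUE, plus a check that each certificate's IssuerDN matches the SubjectDN of the next certificate in the chain. It uses only the Python standard library with a minimal DER TLV walker; the sample certificates are constructed in-line with placeholder keys and signatures (nothing is signed or verified, which mirrors how a trust list is read as key material), and the function names (`inspect_cert`, `lint_trust_store`, `issuer_links_ok`) are this example's own. DN comparison is byte-exact over the DER Names; RFC 5280 permits a more lenient match.

```python
"""Trust-store lint for the points above: v1 certificates and v3 entries
without cA=TRUE, plus IssuerDN/SubjectDN chaining.  Standard library only.
All sample certificates below are constructed here with placeholder keys
and signatures; they are not real certificates."""

OID_BASIC_CONSTRAINTS = b"\x55\x1d\x13"  # 2.5.29.19
OID_COMMON_NAME = b"\x55\x04\x03"        # 2.5.4.3
OID_SHA256_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"  # 1.2.840.113549.1.1.11


def der_tlv(tag, body):
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        nbytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nbytes)]) + nbytes
    return bytes([tag]) + length + body


def der_parse(data):
    """Decode a run of concatenated DER TLVs into (tag, value) pairs."""
    items, i = [], 0
    while i < len(data):
        tag, n, i = data[i], data[i + 1], i + 2
        if n & 0x80:                      # long form: (n & 0x7f) length bytes follow
            k = n & 0x7F
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        if i + n > len(data):
            raise ValueError("truncated DER element")
        items.append((tag, data[i:i + n]))
        i += n
    return items


def name(cn):
    """Name ::= SEQUENCE OF SET OF AttributeTypeAndValue (a single CN here)."""
    atv = der_tlv(0x30, der_tlv(0x06, OID_COMMON_NAME) + der_tlv(0x13, cn.encode()))
    return der_tlv(0x30, der_tlv(0x31, atv))


ALG = der_tlv(0x30, der_tlv(0x06, OID_SHA256_RSA) + der_tlv(0x05, b""))
VALIDITY = der_tlv(0x30, der_tlv(0x17, b"090212093207Z") + der_tlv(0x17, b"190212093207Z"))
SPKI = der_tlv(0x30, ALG + der_tlv(0x03, b"\x00placeholder-key"))  # placeholder, not a real key


def make_cert(issuer_cn, subject_cn, version=None, ca=None):
    """Constructed sample: a syntactically valid Certificate with a placeholder
    signature.  version=None omits the version field (X.509 v1); ca=None omits
    basicConstraints, ca=True/False encodes it as a critical extension."""
    tbs = b""
    if version is not None:
        tbs += der_tlv(0xA0, der_tlv(0x02, bytes([version - 1])))   # [0] EXPLICIT INTEGER
    tbs += der_tlv(0x02, b"\x01") + ALG + name(issuer_cn) + VALIDITY + name(subject_cn) + SPKI
    if ca is not None:
        bc = der_tlv(0x30, der_tlv(0x01, b"\xff") if ca else b"")    # DER: omit cA when FALSE
        ext = der_tlv(0x30, der_tlv(0x06, OID_BASIC_CONSTRAINTS) + der_tlv(0x01, b"\xff") + der_tlv(0x04, bc))
        tbs += der_tlv(0xA3, der_tlv(0x30, ext))                     # [3] EXPLICIT Extensions
    return der_tlv(0x30, der_tlv(0x30, tbs) + ALG + der_tlv(0x03, b"\x00placeholder-signature"))


def inspect_cert(der):
    """Return version, raw DER issuer/subject Names and the basicConstraints
    cA flag (None when the extension is absent, as it always is in v1)."""
    cert = der_parse(der_parse(der)[0][1])          # [tbsCertificate, signatureAlgorithm, signature]
    tbs = der_parse(cert[0][1])
    has_version = tbs[0][0] == 0xA0
    version = int.from_bytes(der_parse(tbs[0][1])[0][1], "big") + 1 if has_version else 1
    off = 1 if has_version else 0                   # fields shift by one when version is present
    issuer, subject = tbs[2 + off][1], tbs[4 + off][1]
    ca = None
    for tag, val in tbs:
        if tag != 0xA3:
            continue
        for _, ext in der_parse(der_parse(val)[0][1]):
            fields = der_parse(ext)                  # extnID, [critical], extnValue
            if fields[0][1] == OID_BASIC_CONSTRAINTS:
                bc = der_parse(der_parse(fields[-1][1])[0][1])
                ca = bool(bc) and bc[0][0] == 0x01 and bc[0][1] == b"\xff"
    return {"version": version, "issuer": issuer, "subject": subject, "ca": ca}


def lint_trust_store(store):
    """One warning per entry that a trust list would honour as a CA although
    it was never issued as one: v1 certificates, and v3 ones lacking cA=TRUE."""
    warnings = []
    for i, der in enumerate(store):
        c = inspect_cert(der)
        if c["version"] == 1:
            warnings.append(f"cert {i}: X.509 v1 certificate (no basicConstraints possible); "
                            "in a trust list it acts as a CA")
        elif c["ca"] is not True:
            warnings.append(f"cert {i}: v{c['version']} certificate not marked cA=TRUE")
    return warnings


def issuer_links_ok(chain):
    """Leaf-first chain: each IssuerDN must equal the next SubjectDN
    (byte-exact comparison of the DER Names; RFC 5280 allows more)."""
    return all(inspect_cert(a)["issuer"] == inspect_cert(b)["subject"]
               for a, b in zip(chain, chain[1:]))


if __name__ == "__main__":
    v1_server = make_cert("Example CA", "www.example.org")               # a v1 *server* cert
    v3_ca = make_cert("Example CA", "Example CA", version=3, ca=True)
    for w in lint_trust_store([v1_server, v3_ca]):
        print(w)
    print("chain links:", issuer_links_ok([v1_server, v3_ca]))
```

Run against a real trust list you would replace `make_cert(...)` with the DER of each PEM block in the bundle; the lint then reports exactly the entries Florian's scenario is about, a v1 server certificate that became a CA by being copied into the trusted list.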