Bug#514807: Regression in libgnutls security update

Simon Josefsson simon at josefsson.org
Thu Feb 12 10:10:53 UTC 2009


Edward Allcutt <emallcut at gleim.com> writes:

>> What can be done here is to produce better documentation, perhaps in
>> release notes.  People must be aware that trusting X.509 certificate
>> chains containing RSA-MD5 signatures or V1 CAs is insecure.
> I don't disagree, but breaking working configurations, not all of
> which are as insecure as you fear, doesn't seem like the best plan,
> especially since there was no advance warning.

I agree here that advance warning would have been good.  It was not
clear that the security problem that was fixed would have the
consequence you reported.  Now that you report it, and we analyze it, it
is clear that it is the intended consequence.

What are the possible channels to communicate to etch users that they
will get (intentional) errors from gnutls if they have 1) a V1
certificate in their certificate chains, or 2) have an RSA-MD2/MD5
signature in non-trusted certificates in their chain?  Perhaps a wiki
page will help to explain the issue better than this bug report e-mail
thread can do.

Hm.... possibly we could reconsider the default regarding V1 CAs for
etch: maybe you are right that the security problem is less problematic
than the solution.  Anyway, not my call to make, and I hope others can
use this discussion to evaluate what the best outcome is.

/Simon
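
The two conditions named in the message above (a V1 certificate in the chain, an RSA-MD2/MD5 signature on a non-trusted certificate) can be checked before an upgrade. The following is an added example, not part of the original message and not GnuTLS code: a stdlib-only Python check that reads the version and outer signature algorithm from DER certificates. The function names and the skeleton sample chain are constructed for illustration.

```python
# OIDs of the RSA signature algorithms named in the message.
MD_RSA_OIDS = {
    bytes.fromhex("2a864886f70d010102"): "RSA-MD2",  # md2WithRSAEncryption
    bytes.fromhex("2a864886f70d010104"): "RSA-MD5",  # md5WithRSAEncryption
}

def read(buf, pos=0):
    """Return (tag, body, next_pos) for the DER element starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def inspect(der):
    """Return (x509_version, weak_signature_name_or_None) for one certificate."""
    _, cert, _ = read(der)                 # Certificate SEQUENCE
    _, tbs, after_tbs = read(cert)         # tbsCertificate SEQUENCE
    tag, body, _ = read(tbs)
    # version is [0] EXPLICIT INTEGER (0 = v1); when absent the certificate is v1
    version = read(body)[1][-1] + 1 if tag == 0xA0 else 1
    _, alg, _ = read(cert, after_tbs)      # outer signatureAlgorithm
    _, oid, _ = read(alg)
    return version, MD_RSA_OIDS.get(oid)

def audit(chain):
    """chain: list of (name, der, is_trusted). Returns a list of findings."""
    findings = []
    for name, der, trusted in chain:
        version, weak = inspect(der)
        if version == 1:
            findings.append((name, "V1 certificate"))
        if weak and not trusted:           # the message limits this to non-trusted certs
            findings.append((name, weak + " signature"))
    return findings

def tlv(tag, body):
    """Encode one short-form DER element (enough for the samples below)."""
    return bytes([tag, len(body)]) + body

def sample(oid_hex, v3=True):
    """Constructed skeleton (version, serial, algorithm only), not a real certificate."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    ver = tlv(0xA0, tlv(0x02, b"\x02")) if v3 else b""
    tbs = tlv(0x30, ver + tlv(0x02, b"\x01") + alg)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

SHA1, MD5 = "2a864886f70d010105", "2a864886f70d010104"
CHAIN = [("leaf", sample(SHA1), False), ("intermediate", sample(MD5), False),
         ("root", sample(MD5, v3=False), True)]
```

To audit a real chain, pass the DER bytes of each certificate (for PEM, base64-decode the body first) together with a flag saying whether it is one of the locally trusted certificates.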




