Bug#514578: Downgrading bug
Simon Josefsson
simon at josefsson.org
Thu Jun 11 08:21:27 UTC 2009
severity 514578 wishlist
retitle 514578 Please document deprecated RSA-MD2/MD5 in NEWS/README
thanks
I have read through this bug, and as far as I can tell all the reported
problems are things working as intended, i.e., untrusted RSA-MD5
signatures should cause failures.
There is one remaining concern: Alexandra suggested we add something
about NEWS/README about this. I agree with that, but can't come up with
particular wordings. FWIW, the manual has explained the issue for many
years already:
http://www.gnu.org/software/gnutls/manual/gnutls.html#Digital-signatures
I'm downgrading this as a wishlist bug and retitling it appropriately.
Let me know if you still have some problem not related to RSA-MD?
signatures.
Below is a summary of the discussion.
Thanks,
/Simon
Gábor Gombás:
Problem diagnosed to be caused by a RSA-MD5 cert in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#35
Hermann Lauer:
Confirmed an untrusted RSA-MD5 signatures:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#15
Alexandra N. Kossovsky:
Suggests in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#30
that we should add something to NEWS/README about this.
Brian May:
Reports a problem in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#45
but it mysteriously disappeared in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#120
Chess Griffin:
Report in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#55
resolved in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#100
Jiri.Solc
Report in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#70
unanswered question in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#75
Witold Baryluk
Report in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#140
resolved in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514578#165
More information about the Pkg-gnutls-maint
mailing list