Bug#699888: new nss packages fixing cve-2013-1620
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Mar 18 15:22:56 UTC 2013
On 03/16/2013 05:35 PM, Mike Hommey wrote:
> Likewise, I'd rather know what we do wrt md5, and while at it, cacert
> (the cert of which uses a md5 signature at the moment, so it effectively
> doesn't work ; see bug 682470) before uploading, so as to avoid doing
> two uploads.
the choice of signature digest for the root CA certificate shouldn't be
relevant -- it should only be relevant for intermediate CA certificates
and end entity certificates. if NSS is requiring certain digest
algorithms on the root CA certs, that's probably a bug.
Mike, can you clarify whether that's the case?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20130318/fa8861c0/attachment.pgp>
More information about the pkg-mozilla-maintainers
mailing list