[Bug 312536] Re: Stop honoring digital signatures based on MD5 hashes

Vantrax vantrax at gmail.com
Thu Jan 22 06:11:39 UTC 2009


I do think that the end-user should be able to override the security
weakness warning. -  Miron Cuperman

How do we mitigate that a large group of CA's still use MD5 instead of
using the SHA certs.  We cannot force a change on them and all we would
do is remove potentially harmful services from users.

MD5 is still a valid hashing function, just not  a valid cryptographic
function. We should be pushing as a community for CA's to move to SHA
based hashes which are still cryptographically sound.

-- 
Stop honoring digital signatures based on MD5 hashes
https://bugs.launchpad.net/bugs/312536
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in ubuntu.




More information about the Ubuntu-mozillateam-bugs mailing list