[Bug 312536] Re: Stop honoring digital signatures based on MD5 hashes
vantrax at gmail.com
Thu Jan 22 06:11:39 UTC 2009
I do think that the end-user should be able to override the security
weakness warning. - Miron Cuperman
How do we mitigate that a large group of CA's still use MD5 instead of
using the SHA certs. We cannot force a change on them and all we would
do is remove potentially harmful services from users.
MD5 is still a valid hashing function, just not a valid cryptographic
function. We should be pushing as a community for CA's to move to SHA
based hashes which are still cryptographically sound.
Stop honoring digital signatures based on MD5 hashes
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in ubuntu.
More information about the Ubuntu-mozillateam-bugs