MD5/SHA1 migration explained

git-svn-id: 14b1bab8-4ef6-0310-b690-991c95c89dfd
source 14 years ago
parent 4fd7759e10
commit 2d7f0c30d3

@ -2961,7 +2961,9 @@ No limitation is placed on Subscriber key sizes.
CAcert X.509 root and intermediate keys are currently 4096 bits.
X.509 roots use RSA and sign with the SHA-1 message digest algorithm.
Certificates have been signed until 2004 with MD5, since 2005 SHA-1 or better algorithms are used.
See <a href="#p4.3.1">&sect;4.3.1</a>.
@ -2974,15 +2976,6 @@ in line with general cryptographic trends,
and as supported by major software suppliers.
<ul class="q">
<li> old Class 3 SubRoot is signed with MD5 </li>
<li> likely this will clash with future plans of vendors to drop acceptance of MD5</li>
<li> Is this a concern? </li>
<li> to users who have these certs, a lot? </li>
<li> to audit, not much? </li>
<h4><a name="p6.1.6" id="p6.1.6">6.1.6. Public key parameters generation and quality checking</a></h4>