* Thijs Kinkhorst:

> On Saturday 14 February 2009, Florian Weimer wrote:
>> > Our servers use commercial certificates, with "GTE CyberTrust Global
>> > Root" as the root certificate. It apparently is a v1 x509 certificate...
>>
>> It uses 1024 bit RSA, it is more than ten years old, and GTE
>> Cybertrust does not exist anymore--GTE sold Cybertrust to Baltimore,
>> Baltimore was sucked in to Betrusted, and Betrusted was bought by
>> Verizon, so the key material is controlled by someone else these days.
>> (It does not matter that the self-signature uses RSA-MD5.)
>
> This may be true, but it is this certificate that is used as the root by for
> example Terena, the association of all European NRENs, and hence is in use
> by a very large part of the European academic community.
> http://www.terena.org/activities/scs/participants.html

Yuck. 8-(

> The certificate may be old, but this is unfortunately a given and
> hard to change.

Would you recommend to apply the X.509v1 hack (see the patch I linked
to) to lenny as well?