Jakob Bohm <jb-mozi...@wisemo.com> writes:

>DSA and ECDSA signatures are only secure if the hash algorithm is specified
>in the certificate, presumably as part of the AlgorithmIdentifier in the
>SubjectPublicKeyInfo.

It's in the (badly-named) signature field of the cert; if it was in the
signatureAlgorithm it wouldn't be covered by the sig.  Having said that, I
don't know how many implementations actually check whether what's in the
signature corresponds to the signatureAlgorithm. I tried it many years ago
(md5With... vs sha1With...) and nothing much seemed to notice, as long as the
signatureAlgorithm was the one that was correct for the signature.

Peter.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
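
An added example, not part of the original message: a stdlib-only Python check that compares the signature field inside tbsCertificate with the outer signatureAlgorithm byte for byte, which is the check the reply discusses. The helper names and the skeleton certificate are constructed for illustration, and no signature is verified.

```python
# Added example: compare tbsCertificate.signature with signatureAlgorithm.
MD5_RSA = bytes.fromhex("300d06092a864886f70d0101040500")   # md5WithRSAEncryption
SHA1_RSA = bytes.fromhex("300d06092a864886f70d0101050500")  # sha1WithRSAEncryption

def read_tlv(buf, pos):
    """Return (tag, body_start, end) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, body = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[body:body + n], "big")
        body += n
    if body + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, body, body + length

def algorithm_identifiers(cert):
    """Return (inner, outer) AlgorithmIdentifier encodings as raw DER."""
    tag, pos, _ = read_tlv(cert, 0)               # Certificate SEQUENCE
    tbs_tag, pos, tbs_end = read_tlv(cert, pos)   # tbsCertificate SEQUENCE
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a certificate")
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                               # optional [0] version
        pos = end
        tag, _, end = read_tlv(cert, pos)
    if tag != 0x02:
        raise ValueError("expected serialNumber")
    pos = end
    tag, _, end = read_tlv(cert, pos)             # tbsCertificate.signature
    if tag != 0x30 or end > tbs_end:
        raise ValueError("expected inner AlgorithmIdentifier")
    inner = cert[pos:end]
    tag, _, end = read_tlv(cert, tbs_end)         # outer signatureAlgorithm
    if tag != 0x30:
        raise ValueError("expected outer AlgorithmIdentifier")
    return inner, cert[tbs_end:end]

def algorithms_match(cert):
    """True only if both identifiers (OID and parameters) are identical."""
    inner, outer = algorithm_identifiers(cert)
    return inner == outer

def tlv(tag, value):
    """Encode a short (<128-byte) DER element; enough for the sample."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def sample_cert(inner, outer):
    """Constructed skeleton: only the fields this check reads are present."""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + inner)
    return tlv(0x30, tbs + outer + tlv(0x03, b"\x00"))
```

A validator would run this comparison before verifying the signature and reject the certificate on a mismatch.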
