Panu Matilainen <pmati...@redhat.com> writes:

>> https://tests.sequoia-pgp.org/rpmsop.html#Detached_Sign-Verify_roundtrip_with_key__Bob___MD5
>>
>> - accepts MD5 signatures !!!
>>
>> https://tests.sequoia-pgp.org/rpmsop.html#Signature_over_the_shattered_collision
>>
>> - accepts SHA1 signatures !!!
>
> Rpm needs to be able to work with content from the nineties, when MD5
> was still the hottest thing around, ditto with SHA1.

Contemporary versions of RPM need to work with content from the
nineties?  I find that hard to believe.

> At least openssl backend supports FIPS mode, which is where these get
> rejected as expected nowadays.

FIPS mode as in /proc/sys/crypto/fips_enabled?  Or is there another
mechanism for openssl or RPM?  What about the security of systems that
are not in FIPS mode?

In my opinion, these signatures should be rejected by RPM.  If working
with nineties material is really a thing, the user should explicitly
opt into these unsafe algorithms.

Justus
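A policy check of the kind Justus asks for, as an added example that is not part of this thread or of rpm's own code: it reads the hash algorithm ID out of an OpenPGP signature packet and rejects MD5/SHA-1 unless the caller explicitly opts in, and never when the fips flag (assumed to mirror /proc/sys/crypto/fips_enabled, read by the caller) is set. Packet layout follows RFC 4880; the sample packets are constructed skeletons with no real signature data.

```python
# Hypothetical policy check written for this thread, not rpm's own code: extract the
# hash algorithm ID from an OpenPGP signature packet and reject MD5/SHA-1 by default.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",  # RFC 4880 sec. 9.4
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
LEGACY = {1, 2}  # MD5 and SHA-1: collision-broken, explicit opt-in only

def packet_body(data):
    """Return (tag, body) of the first OpenPGP packet, old- or new-format header."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                                   # new format: tag in low 6 bits
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial-length packets not supported")
    else:                                            # old format: tag in bits 2-5
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate-length packets not supported")
        n = 1 << ltype                               # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    return tag, data[off:off + length]

def signature_hash_algorithm(sig):
    """Hash algorithm ID of a v3 or v4+ signature packet (tag 2)."""
    tag, body = packet_body(sig)
    if tag != 2:
        raise ValueError("not a signature packet")
    return body[16] if body[0] == 3 else body[3]     # v3 vs v4/v6 field layout

def check_signature_policy(sig, allow_legacy=False, fips=False):
    """Return (accepted, reason); fips mirrors /proc/sys/crypto/fips_enabled."""
    alg = signature_hash_algorithm(sig)
    name = HASH_NAMES.get(alg, "unknown(%d)" % alg)
    if alg not in HASH_NAMES:
        return False, name + " rejected"
    if alg in LEGACY and (fips or not allow_legacy):
        return False, name + (" rejected: FIPS mode" if fips else " rejected: opt-in required")
    return True, name + " accepted" + (" (legacy opt-in)" if alg in LEGACY else "")

def sample_signature(hash_alg):
    # Constructed minimal v4 signature skeleton: old-format header, no subpackets.
    body = bytes([4, 0x00, 1, hash_alg, 0, 0, 0, 0, 0xAB, 0xCD, 0, 0])
    return bytes([0x88, len(body)]) + body
```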

_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint