On 03/27/2014 01:06 PM, Nikos Mavrogiannopoulos wrote:
On Thu, 2014-03-27 at 12:49 +0100, Florian Weimer wrote:
On 03/27/2014 12:13 PM, Nikos Mavrogiannopoulos wrote:
For the purposes of the Crypto Policies change proposal [0], I think
I've settled to the following three policy levels (inspired by the ENISA
levels but with a rename of the good LEGACY level to DEFAULT). Any
comments or suggestions are appreciated.
Do you expect that the signature algorithm restrictions will apply to
the self-signatures as well?
No, not really. I will make it explicit, but I don't think there are
libraries that currently enforce restrictions on the self signatures.
I had this change in mind:
<http://marc.info/?l=openssl-cvs&m=124508133203041&w=2>
I don't know if similar changes were applied to other libraries when we
removed MD2 support.
--
Florian Weimer / Red Hat Product Security Team
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security