Why openssl 1.0.1p accepts composite $q$ in DSA?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Sep 09, 2015 at 12:07:43PM +0000, Viktor Dukhovni wrote:
> > 
> > Are you saying I can't sign the cert with another cert
> > (the pubkey is easy to extract from the cert) with openssl?
> 
> If you control a trusted root CA, or an intermediate CA issued
> (possibly indirectly) by a trusted root CA, you can sign anything
> you want and it will be trusted.  The fact that malfeasant CAs can
> compromise security is not new.
> 
> If you don't control a trusted CA, what significance would such a
> signature carry?  Yes, most certificates (sometimes constrained by
> KeyUsage) can be used for signing, but unless "CA=true", they can't
> be used to sign other certificates that will be trusted by peers.
>

I am gonna leave this list very soon.

Feel free to CC me with answer:

If I am CA and sign cert requests with vanilla openssl,
will I sign a composite $q$?





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux