* Daniel Kahn Gillmor <d...@fifthhorseman.net> [2009-02-10 18:04:44]:
> RapidSSL has been willing to freely re-issue all of its older MD5 > certificates using SHA1 from what i've seen. I suggest that you contact > your system administrators and advise them that they are using a > certificate that requires trust in a known-weak digest algorithm to > verify. Since it was issued by RapidSSL, you may wish to point them to > their FAQ on the subject: > > https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AD125 > > We hope to ship lenny with MD5 fully deprecated in GnuTLS so that > GnuTLS-reliant apps are not subject to forged intermediate certificate > authorities or other attacks based on a weak digest algorithm. > > Thanks for reporting this, > > --dkg > Daniel, Thank you very much for the helpful information. I have passed this along to Tuffmail along with a link to this bug report so hopefully they will update their certs soon. Sorry posting noise about what ultimately is not a bug. :-) Regards, Chess -- Chess Griffin
signature.asc
Description: Digital signature
