On Tuesday 30 December 2008 22:07:08 Kyle Hamilton wrote: > I would suggest requiring all new roots approved to state that they do > not and will not use MD5 in any newly-minted certificate (except > possibly in a configuration like the TLS pseudo-random function).
FWIW, Comodo have never signed (and we will never sign) any certificates with MD2, MD4 or MD5. Also, since we launched our CA business, we've always generated random certificate serial numbers. > This is not yet policy, though it should be. (FWIW, this was known > two years ago.) > > -Kyle H > > On Tue, Dec 30, 2008 at 8:39 AM, Chris Hills <c...@chaz6.com> wrote: > > A presentation was given at this year's Chaos Communication Congress in > > which it was described how researchers were apparently able to produce > > authentic signed SSL certificates thanks to a handful of CAs who rely on > > MD5. If true, is it time to disable MD5 by default? > > _______________________________________________ > > dev-tech-crypto mailing list > > dev-tech-crypto@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-tech-crypto > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- Rob Stradling Senior Research & Development Scientist Comodo - Creating Trust Online Office Tel: +44.(0)1274.730505 Fax Europe: +44.(0)1274.730909 www.comodo.com Comodo CA Limited, Registered in England No. 04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by Comodo for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
