Nelson B Bolyard wrote:
An SSL server that sends out a full chain with a SHA256 root could conceivably cause a problem for a remote SSL client that does not understand SHA256 signatures and that chooses to check the signature on the received root cert rather than, or in addition to, relying on its own local trusted copy of the root cert for that CA. However, with respect to usage of NSS for SSL/TLS, Mozilla software presently does not act as an SSL server, but only as an SSL client.
Correct. However this could affect, e.g., NSS used in the context of mod_nss and the Apache web server, would it not?
Frank -- Frank Hecker hec...@mozillafoundation.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
