A successful attack would mean that the attackers would have a rogue CA. They would then be able to generate a bogus certificate for any site without any additional resources. This issue should therefore be considered critical in my opinion. The benefit to an attacker would justify using considerable resources in generating the rogue CA cert.
I do think that the end-user should be able to override the security weakness warning. -- Stop honoring digital signatures based on MD5 hashes https://bugs.launchpad.net/bugs/312536 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
