Test failure of ‘chainverify’

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 12 17:38:41 CET 2010


On 03/12/2010 03:45 AM, Tomas Mraz wrote:
> I do not think
> that certificates which are directly on the trusted list should be
> rejected if they are expired or signed with a weak algorithm. There
> might be a slight argument for the expiry check because the expiration
> might happen behind the notice of the user who put it to the trusted
> list and arguably the expiration time signals that the
> private-key/certificate should not be used after the time.

I think that trusting listed certificates after their internally-stated
expiry could be a surprising experience for users (in a bad way).

Maybe we need a way for a user to communicate to the library that she
wants to trust a given certificate beyond its internal expiry?

> However for
> the weak algorithm check there is no reason at all because the signature
> of the certificate is not relevant if we trust the public-key of the
> certificate directly.

I agree that the type of digest algorithm used in the signature (whether
self-signed or not) is irrelevant for certificates in the trusted list.

However, ignoring weak digests does not mean we should ignore *all* weak
algorithm checks for these certificates.  For example, if a 512-bit RSA
key would not be acceptable elsewhere in the chain, we should not accept
it in the trusted root list.

	--dkg
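
The policy argued for in this message, as an added example that is not part of the original post and is not GnuTLS code: the signature digest is ignored for the certificate on the trusted list, while key size and expiry are still enforced, with an explicit per-anchor opt-in for trust beyond expiry. The struct, the 1024-bit floor, the choice of MD5 as the weak digest, and the `allow_expired` flag are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <time.h>

/* Hypothetical certificate model for this example; not a GnuTLS type. */
enum digest { DIG_MD5, DIG_SHA1, DIG_SHA256 };
struct cert {
    enum digest sig_digest; /* digest used in the signature over this cert */
    unsigned rsa_bits;      /* size of the subject public key */
    time_t not_after;       /* internally stated expiry */
    bool allow_expired;     /* user opted to trust this anchor past expiry */
};
enum verdict { V_OK = 0, V_WEAK_DIGEST, V_WEAK_KEY, V_EXPIRED };
#define MIN_RSA_BITS 1024u  /* assumed policy floor, not taken from the thread */

/* chain[0] is the end entity; chain[n-1] is the cert found on the trusted list. */
enum verdict check_chain(const struct cert *chain, size_t n, time_t now)
{
    for (size_t i = 0; i < n; i++) {
        const struct cert *c = &chain[i];
        bool is_anchor = (i == n - 1);
        /* The anchor's key is trusted directly, so its signature digest is moot. */
        if (!is_anchor && c->sig_digest == DIG_MD5)
            return V_WEAK_DIGEST;
        /* Key strength applies to every cert, the trusted list included. */
        if (c->rsa_bits < MIN_RSA_BITS)
            return V_WEAK_KEY;
        /* Expiry applies to every cert unless the user opted in for this anchor. */
        if (now > c->not_after && !(is_anchor && c->allow_expired))
            return V_EXPIRED;
    }
    return V_OK;
}

/* Constructed sample: a 2048-bit, unexpired leaf under an anchor with the given traits. */
enum verdict demo(enum digest leaf_digest, enum digest anchor_digest,
                  unsigned anchor_bits, bool anchor_expired, bool allow_expired)
{
    const time_t now = 1268411921; /* constructed "current time" */
    struct cert chain[2] = {
        { leaf_digest, 2048, now + 86400, false },
        { anchor_digest, anchor_bits,
          anchor_expired ? now - 86400 : now + 86400, allow_expired },
    };
    return check_chain(chain, 2, now);
}

int main(void) { return demo(DIG_SHA256, DIG_MD5, 2048, false, false) == V_OK ? 0 : 1; }
```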


More information about the Gnutls-devel mailing list