In message <20090616093646.GC12725@???>, Heiko
Schlittermann <hs@???> writes
>Andreas Metzler <eximusers@???> (Mo 15 Jun 2009 19:32:54 CEST):
>
>> gnutls night not be able to read the file-format, or perhaps
>> the signature algoritm is RSA-MD2, or whatever.
>
>Indeed - my own certs are signed RSA-MD5,
That's really unwise ... because of the weaknesses in MD5 people have
generated "pairs" of certificates and used them for various attacks.
As a result, many software suites are rapidly being reconfigured to
reject MD5 outright...
>the Thawte certs use SHA1.
SHA1 has its own problems, but the difficulty is that not all software
yet supports SHA256.
You would be well advised to move to SHA1 sooner rather than later, and
prepare to change hash function again in 2010
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755