On 03/27/2014 01:06 PM, Nikos Mavrogiannopoulos wrote:
On Thu, 2014-03-27 at 12:49 +0100, Florian Weimer wrote:
> On 03/27/2014 12:13 PM, Nikos Mavrogiannopoulos wrote:
>
>> For the purposes of the Crypto Policies change proposal [0], I think
>> I've settled to the following three policy levels (inspired by the ENISA
>> levels but with a rename of the good LEGACY level to DEFAULT). Any
>> comments or suggestions are appreciated.
>
> Do you expect that the signature algorithm restrictions will apply to
> the self-signatures as well?
No, not really. I will make it explicit, but I don't think there are
libraries that currently enforce restrictions on the self signatures.
I had this change in mind:
<
http://marc.info/?l=openssl-cvs&m=124508133203041&w=2>
I don't know if similar changes were applied to other libraries when we
removed MD2 support.
--
Florian Weimer / Red Hat Product Security Team