From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <88ceb175aff6e3f38e53b92a0d81e3cd@proxima.alt.za>
To: 9fans@9fans.net
Date: Tue, 26 May 2015 20:00:17 +0200
From: lucio@proxima.alt.za
In-Reply-To: <6CADF85A-1006-4B64-89EE-626DA9BCADCB@me.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] How do I get a CSR CA's like?
Topicbox-Message-UUID: 56136cde-ead9-11e9-9d60-3106f5b1d025

> I now have reason to believe that they just removed MD5 from known
> signing algorithms, and that a SHA1 will work. Anyone know anything
> about this?

There's an exploit for the MD5 version. It looks pretty serious and
deserves to be fixed by disabling the MD5 signing algorithm.

www.phreedom.org/research/rogue-ca/

What exactly did you change in /sys/src/libsec/port/x509.c? I had a
quick look this morning, but I didn't have the opportunity to dig deep
enough.

Lucio.