From: Brantley Coile
In-reply-to: <88ceb175aff6e3f38e53b92a0d81e3cd@proxima.alt.za>
Date: Tue, 26 May 2015 15:35:34 -0400
References: <88ceb175aff6e3f38e53b92a0d81e3cd@proxima.alt.za>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] How do I get a CSR CA's like?
Topicbox-Message-UUID: 56177c8e-ead9-11e9-9d60-3106f5b1d025

I just changed “md5(…)” to “sha1(…)” and added an object id to the table. Once I figured out I didn’t have to use RSA to *sign* the CSR, but had to have something other than md5, it was easy.

> On May 26, 2015, at 2:00 PM, lucio@proxima.alt.za wrote:
>
>> I now have reason to believe that they just removed MD5 from known
>> signing algorithms, and that a SHA1 will work. Anyone know anything
>> about this?
>
> There's an exploit for the MD5 version. It looks pretty serious and
> deserves to be fixed by disabling the MD5 signing algorithm.
>
> www.phreedom.org/research/rogue-ca/
>
> What exactly did you change in /sys/src/libsec/port/x509.c? I had a
> quick look this morning, but I didn't have the opportunity to dig deep
> enough.
>
> Lucio.
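The thread turns on which signature algorithm object id a CSR carries. As an added example (not code from libsec or from anyone in this thread), the C function below reads the signatureAlgorithm OID out of a DER-encoded PKCS #10 request so that an MD5-signed CSR can be recognised before it is submitted. The function names, the enum and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Parse one DER header of the expected tag at p; return a pointer to the
 * content and store its length, or NULL if malformed or overrunning end. */
static const unsigned char *der_hdr(const unsigned char *p, const unsigned char *end,
                                    unsigned char tag, size_t *len)
{
    size_t n, k;
    if (end - p < 2 || p[0] != tag) return NULL;
    n = p[1]; p += 2;
    if (n & 0x80) {                       /* long form: low bits count length bytes */
        k = n & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - p) < k) return NULL;
        for (n = 0; k > 0; k--) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return NULL;
    *len = n; return p;
}

/* DER content bytes of 1.2.840.113549.1.1 (PKCS #1); one more byte picks the algorithm */
static const unsigned char pkcs1[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01};
enum { SIG_ERR = -1, SIG_OTHER = 0, MD5_RSA = 4, SHA1_RSA = 5 };

/* Return the last arc of the CSR's PKCS #1 signature OID (4 = md5WithRSAEncryption,
 * 5 = sha1WithRSAEncryption), SIG_OTHER for any other OID, SIG_ERR if malformed. */
int csr_sig_alg(const unsigned char *der, size_t derlen)
{
    const unsigned char *end = der + derlen, *p;
    size_t n;
    if (!(p = der_hdr(der, end, 0x30, &n))) return SIG_ERR;  /* CertificationRequest */
    end = p + n;
    if (!(p = der_hdr(p, end, 0x30, &n))) return SIG_ERR;    /* certificationRequestInfo */
    p += n;                                                  /* skip over it */
    if (!(p = der_hdr(p, end, 0x30, &n))) return SIG_ERR;    /* signatureAlgorithm */
    if (!(p = der_hdr(p, p + n, 0x06, &n))) return SIG_ERR;  /* its OID */
    if (n != sizeof pkcs1 + 1 || memcmp(p, pkcs1, sizeof pkcs1) != 0) return SIG_OTHER;
    return p[n - 1];
}

/* Constructed skeleton, not a real CSR: empty request info and empty signature */
unsigned char sample_csr[] = {0x30,0x14, 0x30,0x00, 0x30,0x0d, 0x06,0x09,0x2a,0x86,0x48,
    0x86,0xf7,0x0d,0x01,0x01,0x04, 0x05,0x00, 0x03,0x01,0x00};

int main(void)
{
    printf("signature algorithm arc: %d\n", csr_sig_alg(sample_csr, sizeof sample_csr));
    return 0;
}
```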