Conversation
Notices
-
"users_count":159, despite #CAcert issued TLS certificate on quitter.es - so there's not really a problem to host stuff with bad/unknown certs for !security ;)
- Roland Häder likes this.
-
#StartSSL active on quitter.es now - no more certificate errors I hope! (though I wish people could just install #CAcert...)
-
@mmn I do really hope that #CACert is replacing its week certificates. #StartSSL was not always the best free (beer) certificate provider, see #revocation due to #heartbleed bug.
-
Their root is still MD5 right? :)
-
@mmn Yes, sadly it is. They should really upgrade to #SHA2.
-
@mmn @roland The signature algoritm on the root certificatedoesn't matter and isn't used by anything. Only the public key is used to verify the signature on the next certificate.
-
It may matter as I know. @debian !debian has recently dropped such certificates with weak root certificate such as #CACert (they need to upgrade to #SHA2).
-
@roland @debian Pretty sure Debian decided to ship Mozillas CA bundle. CAcert isn't in that bundle because they haven't passed an (organizational) audit yet. The signature algorithm is a minor thing compared to that.