Closed Bug 486969 Opened 16 years ago Closed 2 years ago

Separately disable hash algorithms in signatures on different types of documents

Categories

(NSS :: Libraries, enhancement, P5)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED INACTIVE

People

(Reporter: nelson, Unassigned)

Details

Attachments

(1 file)

Preliminary patch - not ready for prime time
8.36 KB, patch
Details | Diff | Splinter Review
When I implemented bug 471539, Timeless asked (in bug 471539 comment 30) that we separate the permissions bit for certs from the permission bit for CRLs. In other fora, others have requested that we separate permission to use MD5 for (intermediate) CA certs from permission to use it for EE certs. I didn't do those things for bug 471539, because I felt under pressure to plug a vulnerability in a hurry. But now I think we could do those things without much difficulty.
This patch suggests one way to approach this. This patch is incomplete, lacking defs in nss.defs and header file declarations for the new TellHash functions.
Comment on attachment 371174 [details] [diff] [review] Preliminary patch - not ready for prime time This patch is also incomplete in another respect. It doesn't touch the libPKIX version of this code. :(
Assignee: nelson → nobody
Severity: normal → S3
Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 2 years ago
Priority: -- → P5
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: