[Ach] Algorithm Check on Path Validation?

Martin Rublik martin.rublik at gmail.com
Tue Jan 28 14:54:52 CET 2014


On 28. 1. 2014 11:31, Rainer Hoerbe wrote:
> I could not perform practical research on this, except the observation that client certificates using RSA1024/MD5 seem to be happily accepted by a number of web servers. So any validation of my assumptions is very welcome.

Just for the MS IIS. According to
http://blogs.technet.com/b/askds/archive/2013/08/14/md5-signature-hash-deprecation-and-your-infrastructure.aspx
it looks like MD5 is deprecated after installation of KB 2862966, but it only
applies to:
- server authentication
- code signing
- time stamping

It does not apply to client authentication.

On the other hand, according to
http://technet.microsoft.com/en-us/library/dn375961.aspx
it looks like it is possible to block *all* certificates using MD5. I'll test
and report back.

Martin
