OpenJDK 8u362 Released

Thorsten Glaser t.glaser at tarent.de
Thu Jan 19 02:50:22 UTC 2023


On Thu, 19 Jan 2023, Andrew Hughes wrote:

>to digest, sign, and optionally timestamp the JAR. It also applies to
>the signature and digest algorithms of the certificates in the
>certificate chain of the code signer and the Timestamp Authority, and

Does this also apply to the root certificates in that chain?
I’m asking because many root certificates’ self signatures use
SHA-1 signatures, but the root certificates’ signatures are
not relevant to the verification process as they are available
in their entirety locally, so their signatures (usually self,
but possibly cross as well) are traditionally excluded from
these new restrictions as long as the entire root certificate
is available.

A random (valid) example from a CA bundle I have expanded at
hand:
C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA

bye,
//mirabilos
-- 
Infrastructure expert • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephone +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg



More information about the jdk8u-dev mailing list