undefined | Better HN

0 pointsSomeone123411y ago0 comments

The root CA, USERTrust, is SHA-1 signed.

Everything else is SHA-2 however as you said.

0 comments

4 comments · 1 top-level

konklone11y ago· 3 in thread

That's right, but the root cert is not sent by the server (in my case). More importantly, SHA-1 isn't a problem for root certs, as their signature is not used to verify their integrity.

bitJericho11y ago

Then what is the signature for?

sleevi11y ago

Because it was seen as easier to use X.509 (aka a certificate) as a delivery of a Trust Anchor (specifically, a "subject name" and "public key" pair) than to invent yet another storage format.

Certificate verification stops when you encounter a TA. Some libraries do the wrong thing and check that the terminal cert is self-signed, but that's not actually required (nor recommended). You just check that the previous cert is signed by the TA, which involves checking the previous cert's signature (aka the intermediate) with the trust anchor's key.

That's why the trust anchor's signature is irrelevant.

See RFC 6024 for a discussion of terminology and concepts.

1 more reply

tbrownaw11y ago

Simplicity and uniformity?

There's less chance to screw things up if the spec says that root certs should look exactly like all other certs, rather than trimming out parts that shouldn't be needed.

j / k navigate · click thread line to collapse