This is a multi-part message in MIME format.

------=_NextPart_surgeweb_964875208_mpa=
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

OK try a new build when it is up to make sure it all works as it should for =
you and if there are no problems let me know and I'll make surgemail use SHA=
1 by default. (also let me know if you do encounter any difficulties so I ca=
n investigate and resolve them) 


If you let me know what platform you are after I can make sure there is a ne=
w build there for you to try.

Marijn


--- Original message ---
Subject: Re: [SurgeMail List] SSL Certificate issues.
From: Neil Herber (nospam) <nospam@eton.ca>
To:  <surgemail-list@netwinsite.com>
Date: 05/05/2009 11:33 PM

On 2009-05-05 6:37 AM, Surgemail Support (Marijn) wrote:
....snip ...

> Please let me know if it works correctly for you. If it proves to work
> as it should and others find CA's are all going this way, we may well
> make this the surgemail default at some stage.
>
> Marijn
>

From everything I have read, most CAs phased out MD5 in January 2009.  For m=
ore details see:
http://www.win.tue.nl/hashclash/rogue-ca/

In particular see:
http://www.kb.cert.org/vuls/id/836068

where they say:
"Do not use the MD5 algorithm
Software developers, Certification Authorities, website owners, and  users s=
hould avoid using the MD5 algorithm in any capacity. As previous  research h=
as demonstrated, it should be considered cryptographically  broken and unsui=
table for further use.

Scrutinize SSL certificates signed by certificates using the MD5 algorithm"

--  Neil Herber

 

------=_NextPart_surgeweb_964875208_mpa=

Last Next