[Freeipa-devel] MD5 certificate fingerprints removal
Standa Laznicka
slaznick at redhat.com
Tue Feb 21 11:59:40 UTC 2017
Hello,
Since we're trying to make FreeIPA work in FIPS we got to the point
where we need to do something with MD5 fingerprints in the cert plugin.
Eventually we came to a realization that it'd be best to get rid of them
as a whole. These are counted by the framework and are not stored
anywhere. Note that alongside with these fingerprints SHA1 fingerprints
are also counted and those are there to stay.
The question for this ML is, then - is it OK to remove these or would
you rather have them replaced with SHA-256 alongside the SHA-1? MD5 is a
grandpa and I think it should go.
Standa
More information about the Freeipa-devel
mailing list