Comment 62 for bug 312536
Revision history for this message
|
|
#62 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
In today's weekly NSS meeting, I think we agreed to go forward with the
following steps (in no particular order):
1. Commit the patch attached to this bug, as it establishes a base API
for future controls, and solves an immediate vulnerability.
2. File an RFE to "completely disable certain hashes, not only for use in
signatures, but for all higher level security uses within NSS. Bug 482882.
Note that Bob and I oppose disabling hashes for non-cryptographic purposes.
3. File an RFE that requests that users/admins be able to manipulate
this table using an environment variable with a syntax that allows various
hashes to be selectively enabled/disabled. That is now bug 483113.