Differences: OpenPGP vs. X.509

Stefan X stefanxe at gmx.net
Sat Jan 24 21:27:31 CET 2009

Are you sure about the hardwired dependencies to MD5? I know real world
examples where no MD5 is used at all with X.509 and I am quite sure they
are standard conform.

Robert J. Hansen schrieb:
> Stefan X wrote:
>> As explained before I see huge benefits in case one format
>> would be used instead of two.
> X.509 is effectively dead.  The protocol has a lot of hardwired
> dependencies on MD5, and the ongoing attacks against MD5 are
> below-the-waterline holes on X.509.
> X.509 may be overhauled to repair the damage, or it may be discarded.
> We don't know at this point.  This makes it very premature to talk about
> any kind of merging of standards.

More information about the Gnupg-devel mailing list