Differences: OpenPGP vs. X.509
stefanxe at gmx.net
Sat Jan 24 22:50:40 CET 2009
I see you didn't mean that MD5 is REQUIRED but mean that the problem is
MD5 is ALLOWED. I agree that this is really a problem.
OpenPGP declared MD5 possible for legacy reasons only so that MD5 is
practically not used in the OpenPGP world anymore. This is different in
the X.509 world where MD5 is used widely. I am not sure if X.509 defines
valid algorithms at all or if it is just a kind of container. At least a
quick look in RFC4158 supports this assumption. I appreciate if somebody
could tell me whether this is correct or wrong.
Robert J. Hansen schrieb:
> Stefan X wrote:
>> Are you sure about the hardwired dependencies to MD5? I know real world
>> examples where no MD5 is used at all with X.509 and I am quite sure they
>> are standard conform.
> Daniel Nagy said it better than I could --
> "As far as I can judge, X.509 PKI is still in the state of catastrophic
> failure with no obvious way out.
> Right now, if my browser (or yours, or anybody else's) tells me that the
> site I am browsing presented a certificate issued to it by a legitimate
> CA, I cannot be sure that this assertion is true. Rejecting all
> certificates with MD5 in their signatures is not a solution (there are
> too many out there and replacing them requires non-trivial cooperation
> between different parties; no-one can do it acting alone). Not issuing
> any more MD5-based certificates is not a solution (who knows how many
> rogue CAs are already out there?). In fact, I do not see an easy and
> cheap solution out of this mess."
More information about the Gnupg-devel