Differences: OpenPGP vs. X.509

Werner Koch wk at gnupg.org
Sun Jan 25 16:26:58 CET 2009

On Sat, 24 Jan 2009 23:06, rjh at sixdemonbag.org said:

> More like, "support for MD5 is required."  Sure, you can create X.509
> certs that use SHA-1, but the amount of MD5 certs in the X.509
> ecosystem, and the incredible problems involved in moving these certs to

From my experience that is not true.  MD5 is definitely not hardwired
into X.509.  In fact SHA-1 has been the predominant hash algorithm for
quite some years.  The only semi-hardwired algorithm is RSA, which is not
a problem.  Of course you can use DSA, but it is too hard to use because
it is not supported by any mass market application.

The troubles we are currently in with X.509 are similar to OpenPGP: Most
fielded applications do not support SHA-256 and thus we can't yet use
SHA-256.  It will take about 5 years before SHA-256 is practically
usable with X.509.  For OpenPGP it is far easier because PGP and GnuPG
have supported SHA-256 for quite some time.

Back to MD5 and X.509 used with SSL (TLS): I know that there are quite
a few CAs who still issue MD5 signed certificates.  However we also all
know the problems of web security - MD5 is for sure not the weakest
link.  For example the bunch of pre-installed root certificates is an
easier target to attack.  And we won't be able to change the
pre-installed root certificates in consumer applications until the
hardware goes out of fashion and new hardware with a newer OS will be
used.  Too bad.



Thoughts are free.  Exceptions are regulated by a federal law.

More information about the Gnupg-devel mailing list