un-trusting MD5 in gpg [was: Re: removing SHA1 from digest preference list]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon May 4 02:48:55 CEST 2009 

On 05/03/2009 12:56 PM, Daniel Kahn Gillmor wrote:
> On 05/02/2009 11:26 PM, John W. Moore III wrote:
>> Exclude?  Even if MD5 isn't listed in the Preferences it is still
>> recognized and accepted by all OpenPGP Applications.
> 
> If this is true (i haven't tested it), i'd like to see that change.  i'd
> like at least to be able to tell gpg "please consider as invalid any
> credentials dependent upon an MD5 digest" and have it respect that.
> I'll try to test this out today.

I just tested this, and i have not been able to find a way to convince
gpg to treat MD5-digested certifications as untrustworthy. :(

I have not even been able to get gpg to issue a warning when checking
signatures using a known-broken digest algorithm (for example, when
doing check-sigs, even --with-colons --fixed-list-mode).

Does anyone know of a way to tell gnupg to ignore certifications based
on a particular digest algorithm?  Most modern TLS implementations have
adopted mechanisms to distrust signatures made over deprecated digest
algorithms, so i don't think this is a terribly unusual goal.  I just
don't see how to get there in gnupg without modifying the source.  Any
pointers?

Gnupg warns when *creating* md5 signatures, but that doesn't protect
against signatures that already exist, and it doesn't seem to protect
against interpreting or trusting signatures that rely on this
known-broken digest algorithm.

To be clear: i'm not looking to tell gnupg today "do not trust SHA1
digests," but i *am* looking to tell gnupg today "do not trust MD5
digests".  I'm willing to take that risk of cutting myself off from
older implementations with respect to MD5.  And i'm interested in seeing
what the consequences will be of taking such an action.

Suggestions for how to go about doing this with gnupg?

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090503/55a0fbac/attachment-0001.pgp>

More information about the Gnupg-devel mailing list