un-trusting MD5 in gpg

Werner Koch wk at gnupg.org
Mon May 4 10:09:33 CEST 2009

On Mon,  4 May 2009 04:44, dshaw at jabberwocky.com said:

> +    if(sig->digest_algo==DIGEST_ALGO_MD5)
> +      return G10ERR_BAD_SIGN;

I don't think that this is helpful.  It catches one common case but does
not catch all the other cases where a signature is used for a malicious
purpose.  There are many other ways of doing so, for example leaking
ones own key.  A signature is a statement of the signer about something
he believes.  We can't force him to believe the Right Thing.

Thus giving back an error code of "Bad signature" is wrong.  It is a
good signature because the signer intended exactly that.  The question
is how you evaluate such a signature.  This is a matter of trust and
hard to put in code for a general purpose application, like gpg.

What can be done is to print a warning (already on our task list) and to
implement an option to ignore signatures done with digest algorithm foo
(similar to --disable-cipher-also)



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list