un-trusting MD5 in gpg
David Shaw
dshaw at jabberwocky.com
Mon May 4 13:16:34 CEST 2009
On May 4, 2009, at 4:09 AM, Werner Koch wrote:
> On Mon, 4 May 2009 04:44, dshaw at jabberwocky.com said:
>
>> + if(sig->digest_algo==DIGEST_ALGO_MD5)
>> + return G10ERR_BAD_SIGN;
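Review bot: returning G10ERR_BAD_SIGN here reports a policy refusal (weak digest) as a cryptographically bad signature, so a verifier cannot tell "MD5 not accepted" apart from "signature does not verify", and any caller or selftest expecting a valid signature over an MD5 hash will now see it as corrupt. If the check is kept, a distinct error or a warning path that leaves the signature status intact would be clearer, and the check would need to be kept out of code paths that only compute digests (the --print-mds BUG() mentioned below is the symptom of not doing so).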
>
> I don't think that this is helpful. It catches one common case but
> does not catch all the other cases where a signature is used for a
> malicious purpose. There are many other ways of doing so, for example
> leaking one's own key. A signature is a statement of the signer about
> something he believes. We can't force him to believe the Right Thing.
Certainly not. That code is just a hack for Daniel Gillmor to see how
feasible it is in practice to run without MD5. It is not at all a
rigorous solution to the problem. It's also not at all something
appropriate to include in GPG without quite a bit of other work (it
breaks half the selftests, causes --print-mds to hit a BUG() case, etc).
David
More information about the Gnupg-devel mailing list