ietf-openpgp

Re: meeting in San Francisco?

2003-03-07 19:42:37

On Fri, Mar 07, 2003 at 10:33:39AM -0800, Jon Callas wrote:

> No.  PGP is not just about encryption, there's also signatures (in
> particular, certification signatures).
>
> So we're no longer recommending against MD5? To my mind, MD5 is already a
> reason not to use V3.

The problem with MD5 is that it might become possible to find
collisions; but it doesn't look as if MD5 were not preimage-safe.

So there's nothing wrong about verifying *old* MD5-based signatures.
It's just not a good idea to generate *new* MD5-based signatures
unless you can be sure that the data to be signed has not specifically
been generated to exploit a collision in MD5.  And RFC 2440 already
warns that

   V3 keys SHOULD only be used for backward compatibility [...]


-- 
Bodo Möller <moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
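
The verify-old versus generate-new distinction drawn in this message, as an added example that is not part of the original post or of any OpenPGP implementation. The function names are hypothetical, the packet bodies are constructed samples, and the field offsets assume the RFC 2440 signature packet layout.

```python
# Added example: hash-algorithm policy for OpenPGP signatures (RFC 2440 layout).
HASH_NAMES = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160"}  # RFC 2440 hash algorithm IDs
COLLISION_SUSPECT = {1}  # MD5: collisions feared, preimages not (per the post)

def sig_hash_algo(body: bytes) -> tuple:
    """Return (version, hash_algorithm_id) from a signature packet body."""
    if not body:
        raise ValueError("empty signature packet")
    version = body[0]
    if version == 3:
        # v3: ver(1) hashed-len(1)=5 type(1) time(4) keyid(8) pkalgo(1) hashalgo(1)
        if len(body) < 17 or body[1] != 5:
            raise ValueError("malformed v3 signature")
        return 3, body[16]
    if version == 4:
        # v4: ver(1) type(1) pkalgo(1) hashalgo(1) subpackets...
        if len(body) < 4:
            raise ValueError("malformed v4 signature")
        return 4, body[3]
    raise ValueError(f"unsupported signature version {version}")

def may_verify(body: bytes) -> bool:
    """Existing signatures: forging against one needs a preimage, not a collision,
    so any known hash algorithm (MD5 included) is accepted for verification."""
    _, algo = sig_hash_algo(body)
    return algo in HASH_NAMES

def may_sign(hash_id: int, signer_authored_data: bool = False) -> bool:
    """New signatures: refuse a collision-suspect hash over data someone else
    supplied (e.g. a key being certified), since it may be a crafted collision."""
    if hash_id not in HASH_NAMES:
        return False
    return hash_id not in COLLISION_SUSPECT or signer_authored_data

# Constructed sample packet bodies (not real signatures; MPIs omitted).
V3_MD5_SIG = bytes([3, 5, 0x10]) + bytes(4) + bytes(8) + bytes([1, 1]) + bytes(2)
V4_SHA1_SIG = bytes([4, 0x10, 1, 2]) + bytes(4)

if __name__ == "__main__":
    for name, body in (("v3/MD5", V3_MD5_SIG), ("v4/SHA-1", V4_SHA1_SIG)):
        version, algo = sig_hash_algo(body)
        print(name, "verify:", may_verify(body), "sign others' data:", may_sign(algo))
```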