As mentioned, self-signed roots have their own problems, and the hash is not
one of them. They need other means of protection, since signatures on them
are useless.
-----Original Message-----
From: owner-ietf-pkix(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-pkix(_at_)mail(_dot_)imc(_dot_)org]
On Behalf Of RL 'Bob' Morgan
Sent: Tuesday, December 30, 2008 4:18 PM
To: Paul Hoffman
Cc: ietf-pkix(_at_)imc(_dot_)org; ietf-smime(_at_)imc(_dot_)org;
saag(_at_)ietf(_dot_)org; cfrg(_at_)irtf(_dot_)org
Subject: Re: [saag] Further MD5 breaks: Creating a rogue CA certificate
Regardless of that, the authors of the MD5 paper are correct: trust
anchors signed with MD5 are highly questionable as of today (well,
actually, since they published their last paper). Hopefully, the
maintainers of the popular trust anchor repositories (Microsoft,
Mozilla, etc.) will yank out the trust anchors signed with MD5 (and
MD2!) as soon as possible.
This is a different claim than "CAs should stop issuing certs with MD5
signatures", which is what I as an amateur take away from a quick scan of
the material. Obviously MD5 is suspect in various ways, but does this new
work lead to the conclusion that MD5-signed roots are untrustworthy today?
Replacing a root is a much bigger deal than changing signing practices.
- RL "Bob"
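An added illustration, not from the thread or any of its authors: a small Python classifier that reads a certificate's signatureAlgorithm, issuer and subject with a hand-written DER walker and reports whether an MD5 or MD2 signature actually bears on trust. The sample certificates are constructed inside the block with placeholder key and signature bytes (no real keys, no signature verification); the OIDs are the standard RFC 3279 values. The split it makes follows the distinction the two messages are arguing over: RFC 5280 path validation does not verify a self-signed trust anchor's own signature, so the hash on a root is a question of how the root is distributed and pinned, while an MD5 signature on a CA-issued certificate is where a collision attack on the CA's signing process does its damage.

```python
# Added example (not from the thread): classify X.509 certificates by signature
# hash and self-signed status with a minimal DER walker. Standard library only.
# Sample certificates below are constructed with placeholder key/signature bytes.

# AlgorithmIdentifier OIDs (RFC 3279 / RFC 4055). Anything else reports as "other".
SIG_ALGS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK_HASHES = {"md2WithRSAEncryption", "md5WithRSAEncryption"}


# --- minimal DER reader ---------------------------------------------------
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split a constructed value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def classify(der):
    """Read signatureAlgorithm, issuer and subject; say what the hash means here."""
    _, cert, _ = read_tlv(der)
    tbs, sig_alg = children(cert)[:2]        # third child (signatureValue) unused
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:                 # explicit [0] version present
        fields = fields[1:]
    _serial, _tbs_alg, issuer, _validity, subject = fields[:5]
    oid = decode_oid(children(sig_alg[1])[0][1])
    alg = SIG_ALGS.get(oid, "other(" + oid + ")")
    self_signed = issuer[1] == subject[1]    # byte-equal Name DER
    if self_signed:
        # Path validation never checks a trust anchor's own signature
        # (RFC 5280 s6.1); trust in a root comes from how it was distributed.
        verdict = "self-signed: signature hash not used for trust; review root policy"
    elif alg in WEAK_HASHES:
        verdict = "CA-issued with collision-prone hash: replace"
    else:
        verdict = "ok"
    return {"alg": alg, "self_signed": self_signed, "verdict": verdict}


# --- tiny DER writer, used only to build the constructed samples -----------
def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def encode_oid(s):
    arcs = [int(a) for a in s.split(".")]
    out = bytes([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a > 0x7F:
            a >>= 7
            chunk.insert(0, (a & 0x7F) | 0x80)
        out += bytes(chunk)
    return out


def name(cn):
    attr = tlv(0x30, tlv(0x06, encode_oid("2.5.4.3")) + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, attr))


def make_cert(issuer_cn, subject_cn, sig_oid):
    """Constructed sample: real layout, placeholder key and signature bytes."""
    alg = tlv(0x30, tlv(0x06, encode_oid(sig_oid)) + b"\x05\x00")
    validity = tlv(0x30, tlv(0x17, b"081230000000Z") + tlv(0x17, b"181230000000Z"))
    rsa = tlv(0x30, tlv(0x06, encode_oid("1.2.840.113549.1.1.1")) + b"\x05\x00")
    spki = tlv(0x30, rsa + tlv(0x03, b"\x00" + tlv(0x30, tlv(0x02, b"\x03") * 2)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + name(issuer_cn) + validity + name(subject_cn) + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes(16)))


MD5, SHA256 = "1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"
SAMPLES = {                                   # constructed, hypothetical names
    "md5_root": make_cert("Example Root", "Example Root", MD5),
    "md5_sub": make_cert("Example Root", "Example Sub CA", MD5),
    "sha256_sub": make_cert("Example Root", "Example Sub CA", SHA256),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, classify(der))
```

Run against a real store, the same `classify` works on any DER certificate (decode PEM with `base64.b64decode` first); the point of the output is that an MD5 root and an MD5-signed intermediate land in different buckets, which is exactly the distinction the "bigger deal than changing signing practices" remark turns on.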