On 31.12.2008 03:26, Nelson B Bolyard wrote:
Dan, I believe Paul was suggesting that he did not want to see signatures on email messages themselves be invalidated just because they use MD5. The email messages themselves have different vulnerability characteristics than the signatures on the certificates, because the latter may be much more predictable.

Yes. However, we can't be sure, and surely it's just a matter of time until there's an exploit for that, too.

I would suggest that we keep verifying them, but (in case of a positive result) let the UI show a message "The message was verified to be signed by the author, but the signature of the message uses an algorithm that has been broken since 2004-2008, so the signature might have been forged. While that is unlikely and it is very likely that the message is indeed from the signified author, it is not 100% sure anymore." The icon would need to differentiate, too, to prevent a scenario where I always sign with SHA-1 and the attacker uses MD5, and my recipient doesn't notice.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
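The policy proposed above (keep verifying, but grade the digest separately so an MD5-signed message can never render as fully valid) as an added example in Go; it is not code from this thread, NSS or Thunderbird. It signs a constructed message body with SHA-1 and MD5 under PKCS#1 v1.5 and also covers the tampered case; the Status values, the weakDigests table and Demo are this example's own assumptions.

```go
package main

import (
	"crypto"
	_ "crypto/md5" // registers crypto.MD5 for crypto.Hash.New
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // registers crypto.SHA1
)

// Status is the three-way outcome a client would show; the weak case is its own
// value so neither the icon nor any caller can collapse it into Valid.
type Status int
const (
	Invalid         Status = iota // signature does not verify at all
	ValidWeakDigest               // verifies, but over a broken digest: warn
	Valid                         // verifies over a digest still considered sound
)
// Policy table (constructed example, not NSS code); MD5 is the thread's case.
var weakDigests = map[crypto.Hash]bool{crypto.MD5: true}
func digest(h crypto.Hash, msg []byte) []byte {
	hh := h.New()
	hh.Write(msg)
	return hh.Sum(nil)
}
// Verify checks the signature first and grades the digest second, so a forged
// or tampered MD5-signed message is Invalid, never merely "weak".
func Verify(pub *rsa.PublicKey, h crypto.Hash, msg, sig []byte) Status {
	if err := rsa.VerifyPKCS1v15(pub, h, digest(h, msg), sig); err != nil {
		return Invalid
	}
	if weakDigests[h] {
		return ValidWeakDigest
	}
	return Valid
}
// Demo signs a constructed body with SHA-1 and MD5 under priv and returns the
// statuses for: SHA-1 signature, MD5 signature, MD5 signature over a tampered body.
func Demo(priv *rsa.PrivateKey) (sha1St, md5St, tamperedSt Status) {
	msg := []byte("constructed sample message body")
	sigSHA1, err1 := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest(crypto.SHA1, msg))
	sigMD5, err2 := rsa.SignPKCS1v15(rand.Reader, priv, crypto.MD5, digest(crypto.MD5, msg))
	if err1 != nil || err2 != nil {
		panic("signing failed")
	}
	pub := &priv.PublicKey
	return Verify(pub, crypto.SHA1, msg, sigSHA1), Verify(pub, crypto.MD5, msg, sigMD5),
		Verify(pub, crypto.MD5, append([]byte("X"), msg...), sigMD5)
}
```

Demo expects a freshly generated RSA key (e.g. rsa.GenerateKey(rand.Reader, 2048)) and returns Valid, ValidWeakDigest, Invalid for the three cases.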
