* Joe Greco: > It seems that part of the proposed solution is to get people to move from > MD5-signed to SHA1-signed. There will be a certain amount of resistance. > What I was suggesting was the use of the revocation mechanism as part of > the "stick" (think carrot-and-stick) in a campaign to replace MD5-based > certs. If there is a credible threat to MD5-signed certs, then forcing > their retirement would seem to be a reasonable reaction, but everyone here > knows how successful "voluntary" conversion strategies typically are.
A CA statement that they won't issue MD5-signed certificates in the future should be sufficient. There's no need to reissue old certificates, unless the CA thinks other customers have attacked it. > Either we take the potential for transparent MitM attacks seriously, or > we do not. I'm sure the NSA would prefer "not." :-) I doubt the NSA is interested in MITM attacks which can be spotted by comparing key material. 8-)
