Differences: OpenPGP vs. X.509
Stefan X
stefanxe at gmx.net
Sat Jan 24 21:27:31 CET 2009
Are you sure about the hardwired dependencies to MD5? I know real world
examples where no MD5 is used at all with X.509 and I am quite sure they
are standard conform.
Robert J. Hansen schrieb:
> Stefan X wrote:
>> As explained before I see huge benefits in case one format
>> would be used instead of two.
>
> X.509 is effectively dead. The protocol has a lot of hardwired
> dependencies on MD5, and the ongoing attacks against MD5 are
> below-the-waterline holes on X.509.
>
> X.509 may be overhauled to repair the damage, or it may be discarded.
> We don't know at this point. This makes it very premature to talk about
> any kind of merging of standards.
>
>
More information about the Gnupg-devel
mailing list