[Bug 312536] Re: Stop honoring digital signatures based on MD5 hashes

Sean McNamara smcnam at gmail.com
Mon Jan 12 12:04:04 UTC 2009

The essence of this bug is not one that we can fix in software. The
problem is not an implementation detail; it is inherent in the
algorithms used to comply with the X.509 Cert spec. The implementations
thereof are not buggy with respect to this "bug" report; any
implementation that correctly behaves according to the spec will exhibit
the same behavior. Meanwhile, breaking compliance with the spec will
cause any services which depend upon MD5-signed X.509 certificates to
fail in some way.

The real fix rests entirely on the shoulders of CAs who continue to use
MD5 hashing as an encryption technique. If Ubuntu software implements
automatic refusal of MD5-signed PKI certificates, many users' workflow
will be disrupted. Additionally, regression testing is not based solely
on a particular domain of computers or deployments; a _comprehensive_
regression test would require attempting to establish HTTPS with _every_
website out there. And you can't do that, because many websites are
within LANs, VPNs, etc.

In the example of Firefox, it might be acceptable to consider any
MD5-signed X.509 certificates to be invalid, which then displays the
"Get me out of here!" vs. "Add an exception..." buttons, just as if
someone used themselves as the root CA, i.e. self-signing, which is
never accepted as a valid certificate already.

I would caution against implementing anything, or accepting upstream
"bug fixes" to any services, which does not provide the user an
alternative (be it a configuration file, command line switch,
environment variable, or GUI) to accept the certificate even if it is
invalid. Otherwise, this will disrupt existing, legitimate, production
services based on a fairly far-fetched attack which must be hand-crafted
for each individual victim. But as long as users have some documented
way of bypassing a warning about this problem, that is fine.
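
The policy described in the last paragraph (refuse MD5-signed certificates by default, with a documented override), sketched as an added example; it is not code from Firefox, Ubuntu, or the author of this message. The ALLOW_MD5_CERTS variable and the skeleton certificates are hypothetical and constructed for illustration.

```python
import os

MD5_RSA_OID = "1.2.840.113549.1.1.4"   # md5WithRSAEncryption
OVERRIDE_ENV = "ALLOW_MD5_CERTS"       # hypothetical opt-in switch, not a real setting

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def _decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]   # valid for first arcs 0 and 1
    val = 0
    for b in body[1:]:                     # base-128, high bit = "more bytes follow"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(cert_der):
    """Return the outer signatureAlgorithm OID of a DER-encoded Certificate."""
    tag, start, _ = _tlv(cert_der, 0)            # Certificate SEQUENCE
    _, _, tbs_end = _tlv(cert_der, start)        # tbsCertificate, skipped
    _, alg_start, _ = _tlv(cert_der, tbs_end)    # AlgorithmIdentifier SEQUENCE
    oid_tag, o_start, o_end = _tlv(cert_der, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a DER certificate")
    return _decode_oid(cert_der[o_start:o_end])

def decide(cert_der, env=os.environ):
    """Policy only: the signature itself is not verified here."""
    if signature_oid(cert_der) != MD5_RSA_OID:
        return "accept"
    return "accept-with-warning" if env.get(OVERRIDE_ENV) == "1" else "reject"

def _skeleton(oid_hex):
    """Constructed stand-in with a certificate's outer shape (not a real cert)."""
    der = lambda tag, body: bytes([tag, len(body)]) + body
    alg = der(0x30, bytes.fromhex(oid_hex) + b"\x05\x00")
    return der(0x30, der(0x30, b"\x02\x01\x01") + alg + der(0x03, b"\x00\xaa"))

MD5_CERT = _skeleton("06092a864886f70d010104")      # md5WithRSAEncryption
SHA256_CERT = _skeleton("06092a864886f70d01010b")   # sha256WithRSAEncryption
```

A real validator would apply the same check to every non-root certificate in the chain, not only the leaf.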
