Date: Fri, 02 Jan 2009 11:20:00 +0100
To: announce@eugridpma.org
Subject: Impact of December 30th MD5 collision vulnerability on the IGTF

Dear IGTF relying parties,

New research results regarding weaknesses of the MD5 hash function used in X.509 certificates [1] have prompted members of the IGTF Risk Assessment Team (RAT) [2] to re-review the hash functions used in IGTF.

The IGTF RAT does not believe there is an increased threat to the Grid PKI at this time.

No CAs accredited by IGTF currently issue new certificates using MD5. Thus, this attack against MD5 is not a risk for IGTF CAs. IGTF has been migrating from MD5 to SHA-1 since MD5 weaknesses were published in 2004.

The IGTF distribution contains some CA certificates using MD5. However, the fact that CA certificates are installed by the relying party from the IGTF distribution means that these signatures are not a critical trust component and do not represent a significant risk at this time.

Some IGTF CAs currently sign CRLs using MD5. In our analysis, CRLs are not impacted by current MD5 attack methods, because their content is determined by the CA, so this is not an immediate risk. However, the RAT will continue to make recommendations to the IGTF to phase out the use of MD5 and encourage middleware developers to support stronger signature algorithms.

On behalf of the IGTF/IGTF RAT

Sincerely,
Jim Basney
David Groep
Jens Jensen
Yoshio Tanaka

[1] http://www.win.tue.nl/hashclash/rogue-ca
[2] http://tagpma.es.net/wiki/bin/view/IGTF-RAT