On Wed, Dec 31, 2008 at 8:58 AM, Ralph J.Mayer <[email protected]> wrote:
>> I sort of agree with this. Remember that this is a collision attack, so
>> it's only useful to the extent to which CAs continue to issue certificates
>> with MD5. My understanding is that all the remaining such CAs are
>> phasing it out *very* quickly if they haven't already done so.
>
> We'll see if they learned their lesson when sha1 is as broken as md5.
This is why it would be good to move to randomized sequence numbers now to futureproof against this kind of attack even if SHA-1 is broken. -Ekr
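As an added illustration of the mitigation Ekr proposes (this is example code written for this page, not anything from the thread or from any CA's software): a counter-based serial makes the to-be-signed prefix of the next certificate fully predictable, which is exactly what a chosen-prefix collision needs, while a serial carrying 64 or more bits of CSPRNG output forces the attacker to commit to colliding blocks before knowing what will be signed. The 64-bit floor is taken from the later CA/Browser Forum Baseline Requirements (not from the 2008 thread); the 20-octet limit and the positive-integer rule are RFC 5280's. The `looks_sequential` audit heuristic and the `max_gap` threshold are my own assumptions.

```python
"""Randomized X.509 serial numbers as a hedge against collision attacks on the
signature hash. Example code, not from the mailing-list thread or any CA."""
import secrets

MIN_SERIAL_ENTROPY_BITS = 64   # CA/Browser Forum BR floor (post-2016), assumed here
MAX_SERIAL_OCTETS = 20         # RFC 5280 4.1.2.2: serialNumber is at most 20 octets
# A forced leading 1 bit adds one bit to the length, so 158 random bits yields a
# 159-bit value, which DER-encodes to exactly 20 content octets.
MAX_SERIAL_ENTROPY_BITS = MAX_SERIAL_OCTETS * 8 - 2


class SequentialSerialIssuer:
    """The classic counter scheme: whoever knows the last serial knows the next."""

    def __init__(self, start=1):
        self._next = start

    def next_serial(self):
        s = self._next
        self._next += 1
        return s


def predict_next_serial(last_serial):
    """What an observer can infer from a counter-based CA: the next serial is
    simply the previous one plus one, so the signed prefix is predictable."""
    return last_serial + 1


class RandomSerialIssuer:
    """Serial = 1 || <entropy_bits random bits>. The leading 1 keeps the value
    positive, non-zero and of fixed length; the random tail is unknown to anyone
    preparing a collision before issuance."""

    def __init__(self, entropy_bits=MIN_SERIAL_ENTROPY_BITS):
        if not MIN_SERIAL_ENTROPY_BITS <= entropy_bits <= MAX_SERIAL_ENTROPY_BITS:
            raise ValueError("entropy_bits must be in [%d, %d]"
                             % (MIN_SERIAL_ENTROPY_BITS, MAX_SERIAL_ENTROPY_BITS))
        self.entropy_bits = entropy_bits

    def next_serial(self):
        return (1 << self.entropy_bits) | secrets.randbits(self.entropy_bits)


def serial_to_der_octets(serial):
    """DER INTEGER content octets for a positive serial: minimal big-endian
    two's complement, so a leading 0x00 is added when the top bit is set."""
    if serial <= 0:
        raise ValueError("RFC 5280 requires a positive serial number")
    octets = serial.to_bytes((serial.bit_length() + 8) // 8, "big")
    if len(octets) > MAX_SERIAL_OCTETS:
        raise ValueError("serial exceeds %d octets" % MAX_SERIAL_OCTETS)
    return octets


def looks_low_entropy(serial):
    """Audit heuristic (assumption): a serial below 2**63 cannot carry 64 bits
    of randomness. Issuers that force a leading 1 bit never trip this."""
    return serial.bit_length() < MIN_SERIAL_ENTROPY_BITS


def looks_sequential(serials, max_gap=16):
    """Audit heuristic (assumption) over serials observed from one issuer, in
    issuance order: small, strictly positive gaps between neighbours indicate a
    counter. Random 64-bit serials essentially never satisfy this."""
    if len(serials) < 3:
        return False
    gaps = [b - a for a, b in zip(serials, serials[1:])]
    return all(0 < g <= max_gap for g in gaps)


if __name__ == "__main__":
    seq = SequentialSerialIssuer(start=1000)
    seen = [seq.next_serial() for _ in range(4)]
    print("counter issuer:", seen, "-> next is", predict_next_serial(seen[-1]))
    print("looks_sequential:", looks_sequential(seen))

    rnd = RandomSerialIssuer()
    batch = [rnd.next_serial() for _ in range(4)]
    for s in batch:
        print("random serial %s (%d DER octets)" % (hex(s), len(serial_to_der_octets(s))))
    print("looks_sequential:", looks_sequential(batch))
```

Run as a script it prints a predictable counter run beside four random serials; the two audit helpers are the kind of check one can run over serials pulled from an issuer's certificates to spot a CA still using a counter.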
