    Forging SSL Certificates
    15 January 2009

    We already knew that MD5 is a broken hash function. Now researchers have successfully forged MD5-signed certificates.

    This isn't a big deal. The research is great; it's good work, and I always like to see cryptanalytic attacks used to break real-world security systems. Making that jump is often much harder than cryptographers think. But SSL doesn't provide much in the way of security, so breaking it doesn't harm security very much.

    Pretty much no one ever verifies SSL certificates, so there's not much attack value in being able to forge them. And even more generally, the major risks to data on the Internet are at the endpoints -- Trojans and rootkits on users' computers, attacks against databases and servers, etc -- and not in the network.

    While it is true that browsers do some SSL certificate verification, when they find an invalid certificate they display a warning dialog box which everyone -- me included -- ignores. There are simply too many valid sites out there with bad certificates for that warning to mean anything.

    This comment by Ted Dziuba is far too true: "If you're like me and every other user on the planet, you don't give a sh*t when an SSL certificate doesn't validate. Unfortunately, commons-httpclient was written by some pedantic f*cknozzles who have never tried to fetch real-world webpages." (Asterisks put in so a zillion spam/profanity blockers won't block this entire e-mail.)

    I'm not losing a whole lot of sleep because of these attacks. But -- come on, people -- no one should be using MD5 anymore.
    http://www.schneier.com/

    Copyright © 2009 Cryptomach LTD. All rights reserved.