> I sort of agree with this. Remember that this is a collision attack, so > it's only useful to the extent to which CAs continue to issue certificates > with MD5. My understanding is that all the remaining such CAs are > phasing it out *very* quickly if they haven't already done so. We'll see if they learned their lesson when sha1 is as broken as md5. rm