deprecate the use of MD5 and SHA-1 in the monkeysphere
"recent results against SHA1":http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf look pretty scary. And "MD5 is even more badly broken":http://www.win.tue.nl/hashclash/rogue-ca/ .
We should ensure that we're using something stronger than SHA1 in the monkeysphere, for both hosts and clients. Adoption of SHA-256 or SHA-512 instead would be reasonable.
And while nothing in the monkeysphere uses MD5 explicitly, I believe our key verification relies on MD5 implicitly because "GPG accepts MD5-based signatures":http://lists.gnupg.org/pipermail/gnupg-devel/2009-May/024969.html .
Unfortunately, there is no current mechanism within gpg to explicitly reject signatures made over any particular digest :( If such a mechanism were to be created, I'd like very much to reject signatures made over an MD5 digest immediately. I don't know when we would need to add SHA-1 to that list, since "a lot of migration work needs to be done first":https://www.debian-administration.org/users/dkg/weblog/48
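As an added example (not part of this ticket or of the monkeysphere code), the following Python script parses `gpg --list-packets` output and reports which certifications on a key were made over MD5 or SHA-1, so an administrator can find the signatures that would have to be re-issued before those digests are rejected. The sample listing is constructed, with placeholder key IDs; the packet layout and the digest algorithm numbers (RFC 4880 section 9.4) are the real ones gpg prints.

```python
"""Find OpenPGP signatures made over weak digests in `gpg --list-packets` output."""
import re
import sys
from collections import Counter

# RFC 4880 section 9.4 hash algorithm identifiers (the numbers gpg prints
# after "digest algo").
DIGEST_NAMES = {
    1: "MD5",
    2: "SHA1",
    3: "RIPEMD160",
    8: "SHA256",
    9: "SHA384",
    10: "SHA512",
    11: "SHA224",
}

# Digests the ticket asks the monkeysphere to stop trusting.
WEAK_DIGESTS = {"MD5", "SHA1"}

SIG_PACKET_RE = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]{16})")
SIGCLASS_RE = re.compile(r"sigclass 0x([0-9A-Fa-f]{2})")
DIGEST_RE = re.compile(r"^\s*digest algo (\d+),")

# Constructed sample in the layout of `gpg --list-packets`: one key, one
# user ID, three certifications.  Key IDs are placeholders, not real keys.
SAMPLE_LISTING = """\
:public key packet:
    version 4, algo 1, created 1241568000, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    keyid: 0123456789ABCDEF
:user ID packet: "ssh://host.example.net"
:signature packet: algo 1, keyid 0123456789ABCDEF
    version 4, created 1241568000, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 1a 2b
    hashed subpkt 2 len 4 (sig created 2009-05-06)
    subpkt 16 len 8 (issuer key ID 0123456789ABCDEF)
    data: [2047 bits]
:signature packet: algo 1, keyid FEDCBA9876543210
    version 4, created 1241568000, md5len 0, sigclass 0x10
    digest algo 1, begin of digest 3c 4d
    hashed subpkt 2 len 4 (sig created 2009-05-06)
    subpkt 16 len 8 (issuer key ID FEDCBA9876543210)
    data: [2047 bits]
:signature packet: algo 1, keyid 1111222233334444
    version 4, created 1241568000, md5len 0, sigclass 0x10
    digest algo 8, begin of digest 5e 6f
    hashed subpkt 2 len 4 (sig created 2009-05-06)
    subpkt 16 len 8 (issuer key ID 1111222233334444)
    data: [2047 bits]
"""


def parse_signatures(listing):
    """Return one dict per signature packet: issuer key ID, sigclass, digest name."""
    sigs = []
    current = None
    for line in listing.splitlines():
        if line.startswith(":"):
            # A new packet header: open a record only for signature packets,
            # so fields of key/user-ID packets are never attributed to a signature.
            m = SIG_PACKET_RE.match(line)
            current = None
            if m:
                current = {"keyid": m.group(1).upper(), "sigclass": None, "digest": None}
                sigs.append(current)
            continue
        if current is None:
            continue
        m = SIGCLASS_RE.search(line)
        if m:
            current["sigclass"] = int(m.group(1), 16)
        m = DIGEST_RE.match(line)
        if m:
            algo = int(m.group(1))
            current["digest"] = DIGEST_NAMES.get(algo, "unknown(%d)" % algo)
    return sigs


def digest_summary(listing):
    """Count signatures per digest algorithm name."""
    return Counter(sig["digest"] for sig in parse_signatures(listing))


def weak_signatures(listing):
    """Signatures whose digest is in WEAK_DIGESTS, in packet order."""
    return [sig for sig in parse_signatures(listing) if sig["digest"] in WEAK_DIGESTS]


def report(listing):
    """One human-readable line per weak signature."""
    return ["WEAK %s signature (sigclass 0x%02x) by key %s"
            % (sig["digest"], sig["sigclass"], sig["keyid"])
            for sig in weak_signatures(listing)]


if __name__ == "__main__":
    # Real data:  gpg --export KEYID | gpg --list-packets | python3 weakdigest.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    for line in report(text):
        print(line)
    print("digest usage:", dict(digest_summary(text)))
```

On the issuing side, `cert-digest-algo SHA256` and `personal-digest-preferences SHA512 SHA384 SHA256` in gpg.conf make new certifications and signatures use the stronger digests the ticket asks for; later GnuPG releases also added a `--weak-digest` option that rejects signatures over a named digest, which is the kind of mechanism the ticket notes was missing at the time.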
(from redmine: created on 2009-05-06)