The attack requires a collision between newly created certificates — one valid and one fake — deliberately created by the attacker. As such, there is no particular risk to existing SSL certificates signed with MD5, and they do not need to be replaced. VeriSign are nevertheless offering free replacements for customers that want them; and it is possible that browsers will start to distinguish certificates signed with MD5 so that users can exercise caution, as CERT have issued a vulnerability note suggesting that users could check for this manually.

The researchers have noted that certificates for Extended Validation (EV) SSL websites cannot be faked in this way — because the EV standard requires SHA1 or better signatures, and indeed there are no MD5-signed EV certificates found by our survey. This shows that requiring minimum standards from the CAs can have positive effects — hopefully browser vendors will take note, and start requiring that CAs apply similar minimum standards to other certificates.

Security remains a moving target, however, as researchers have also started to find weaknesses in SHA1. Although there are no attacks as advanced as those against MD5, it is likely that SHA1 will also be increasingly threatened by collision attacks as research in this area continues. There are more secure cryptographic hashes available, however, so we can expect to see CAs start to phase in newer, stronger hashes over the next few years.