Comment 16 for bug 1516031

Dane Fichter (dane-fichter) wrote :

Agreeing with everything Daniel Berrange has said. My summary of the issue is as follows:

Using MD5 to compute a digest of an image and then applying a digital signature to the digest means that the digital signature of the image is only as trustworthy as MD5. Since there have been practical attacks against MD5 generating collisions, it's not safe to use MD5 in this manner with a feature intended to provide security.

We will resolve the issue in Glance and push an implementation in Nova that does not have the vulnerability by switching over to signatures which are generated by signing the image data directly (i.e. not signing the MD5 or any other digest).

Glance spec to resolve the issue in Glance by switching over to signing the image data directly: https://review.openstack.org/#/c/252462/

Nova spec describing image signature verification before booting: https://review.openstack.org/#/c/188874/
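The point made in the comment above, as an added example that is not part of the original comment or of the Glance/Nova code: a signature computed over a weak digest also verifies for any other image with the same digest, while a signature computed over the image data does not. Assumptions: MD5 truncated to 24 bits stands in for a collision-prone hash so a collision can be found in milliseconds, HMAC-SHA256 stands in for the digital signature so the block runs on the standard library alone, and all names, keys and image bytes are constructed.

```python
import hashlib
import hmac
from itertools import count

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key


def weak_digest(data: bytes) -> bytes:
    # Assumption: MD5 truncated to 24 bits models a hash with practical collisions.
    return hashlib.md5(data).digest()[:3]


def sign(message: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for an asymmetric digital signature.
    return hmac.new(KEY, message, hashlib.sha256).digest()


def verify(message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(message), signature)


def find_colliding_images():
    # Birthday search over constructed inputs until two share a weak digest.
    seen = {}
    for i in count():
        image = b"constructed image %d" % i
        digest = weak_digest(image)
        if digest in seen:
            return seen[digest], image
        seen[digest] = image


def demo():
    original, other = find_colliding_images()
    sig_over_digest = sign(weak_digest(original))  # scheme the comment calls unsafe
    sig_over_data = sign(original)                 # scheme the comment proposes
    return {
        "images_differ": original != other,
        "digest_scheme_accepts_other": verify(weak_digest(other), sig_over_digest),
        "data_scheme_accepts_other": verify(other, sig_over_data),
        "data_scheme_accepts_original": verify(original, sig_over_data),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```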