Researchers generate different X.509 certificates with the same MD5 hash - ouch. This really kills MD5 for signatures.