2015-03-22 10:28:25
On Sun, Mar 22, 2015 at 11:06 AM, Gregory Maxwell
<gmaxwell(_at_)gmail(_dot_)com> wrote:
> On Sun, Mar 22, 2015 at 2:56 PM, Phillip Hallam-Baker
> <phill(_at_)hallambaker(_dot_)com> wrote:
>> People keep telling me that canonicalization is necessary for
>> security. In 25 years I have never once heard someone give a use case
>> where it did.
>
> Okay, sure I can fix that problem for you, here is a recent example;
> look at OpenSSL CVE-2014-8275
>
> A CA has signed an intermediate CA cert which is loaded in an
> interception appliance.  You blacklist this certificate by ID. Your
> blacklisting is bypassed by simply changing the encoding of the  when
> sending the cert chain and now your traffic can be intercepted again.
>
> (This isn't unique, but a recent example; if you're still thinking
> that you've not had one use case where it did I'd be glad to
> spend more time convincing you off-list)

Umm, I remain unconvinced. Basically this comes down to a defective
signature validation routine.

For revocation purposes the fingerprint should be taken over the
signedData blob or a subset thereof (e.g. keyinfo).

PKIX does not use the fingerprint for revocation, it uses the issuer
name and serial number.
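The re-encoding bypass Gregory describes and the tbsCertificate fingerprint Phillip proposes, as an added example that is not part of this thread and not OpenSSL or PKIX code: a toy, hand-built DER structure with the shape of a certificate (tbsCertificate, signatureAlgorithm, signature) and a minimal TLV parser, all constructed here. It shows that a blacklist keyed on the SHA-256 of the whole blob is bypassed when the unsigned outer fields are re-encoded with non-minimal BER lengths, while a fingerprint over the tbsCertificate bytes, or the serial number read from them, still matches, because the signature covers only tbsCertificate and is unaffected by how the outer fields are encoded.

```python
"""Toy demonstration (constructed for this thread, not real X.509 or
OpenSSL code): a fingerprint over the whole certificate blob changes when
the unsigned outer fields are re-encoded; a fingerprint over the signed
tbsCertificate does not. Minimal hand-written ASN.1 TLV handling only."""
import hashlib

TAG_SEQ, TAG_INT, TAG_OID, TAG_NULL, TAG_BITSTR, TAG_PRINTABLE = 0x30, 0x02, 0x06, 0x05, 0x03, 0x13


def der_length(n: int) -> bytes:
    """Minimal length encoding, as DER requires."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_length_padded(n: int) -> bytes:
    """Non-minimal long-form length (0x82 + two bytes): legal BER, not DER.
    Same value, different bytes: this is the 'change of encoding'."""
    return b"\x82" + n.to_bytes(2, "big")


def tlv(tag: int, content: bytes, length_enc=der_length) -> bytes:
    return bytes([tag]) + length_enc(len(content)) + content


def parse_tlv(buf: bytes, off: int = 0):
    """Return (tag, content_start, end) for the element at buf[off].
    Deliberately tolerant of non-minimal lengths, like a lenient BER
    parser; that tolerance is what lets a re-encoded cert be accepted."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        length, start = first, off + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[off + 2:off + 2 + nbytes], "big")
        start = off + 2 + nbytes
    end = start + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, start, end


def children(buf: bytes, off: int = 0):
    """Yield (tag, raw_bytes) for each child of the constructed element at off."""
    _, start, end = parse_tlv(buf, off)
    pos = start
    while pos < end:
        ctag, _, cend = parse_tlv(buf, pos)
        yield ctag, buf[pos:cend]
        pos = cend


def tbs_certificate(cert: bytes) -> bytes:
    """Raw bytes of the first child of the outer SEQUENCE: the signed part."""
    tag, raw = next(children(cert))
    assert tag == TAG_SEQ
    return raw


def fingerprint_whole(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()


def fingerprint_tbs(cert: bytes) -> str:
    return hashlib.sha256(tbs_certificate(cert)).hexdigest()


def serial_number(cert: bytes) -> int:
    """Serial is the INTEGER child of tbsCertificate (toy layout: no version)."""
    for tag, raw in children(tbs_certificate(cert)):
        if tag == TAG_INT:
            _, s, e = parse_tlv(raw)
            return int.from_bytes(raw[s:e], "big", signed=True)
    raise ValueError("no serial number")


def build_cert(strict_der: bool = True) -> bytes:
    """Toy cert: serial 42 plus an issuer-like PrintableString in tbsCertificate.
    strict_der=False re-encodes only the unsigned outer fields (outer
    SEQUENCE and signature BIT STRING lengths); tbsCertificate is byte-identical,
    so a real signature over it would still verify."""
    tbs = tlv(TAG_SEQ, tlv(TAG_INT, b"\x2a") + tlv(TAG_PRINTABLE, b"Toy Intermediate CA"))
    sha256_rsa = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11
    sig_alg = tlv(TAG_SEQ, tlv(TAG_OID, sha256_rsa) + tlv(TAG_NULL, b""))
    length_enc = der_length if strict_der else ber_length_padded
    signature = tlv(TAG_BITSTR, b"\x00" + b"\x55" * 16, length_enc)  # toy signature bits
    return tlv(TAG_SEQ, tbs + sig_alg + signature, length_enc)


def blacklist_hit_whole(cert: bytes, blacklist) -> bool:
    return fingerprint_whole(cert) in blacklist


def blacklist_hit_tbs(cert: bytes, blacklist) -> bool:
    return fingerprint_tbs(cert) in blacklist


if __name__ == "__main__":
    good = build_cert(strict_der=True)
    evil = build_cert(strict_der=False)
    print("whole-cert blacklist catches re-encoded cert:", blacklist_hit_whole(evil, {fingerprint_whole(good)}))
    print("tbsCertificate blacklist catches re-encoded cert:", blacklist_hit_tbs(evil, {fingerprint_tbs(good)}))
    print("serial unchanged:", serial_number(good) == serial_number(evil))
```

Whether a real verifier accepts the re-encoded chain depends on how strictly it enforces DER on the unsigned fields; the OpenSSL fix for CVE-2014-8275 was to reject such variants. Keying the blacklist on the signed part, or on issuer and serial as PKIX revocation does, makes it independent of that choice.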

