Re: Further MD5 breaks: Creating a rogue CA certificate
2008-12-30 17:10:59
Paul:
If the IETF feels that adding randomization to signatures is
important, we should define randomized signature functions. We could
start with NIST Draft SP 800-106
(<http://csrc.nist.gov/publications/drafts/800-106/2nd-Draft_SP800-106_July2008.pdf>).
However, I think that doing so is sending the wrong message: we
should instead be encouraging the use of non-broken hash functions.
This is a very different thing than a BCP that the recommends that
the certificate serial number include some random bits.
Russ
|
|