Re: Further MD5 breaks: Creating a rogue CA certificate

ietf-smime

Re: Further MD5 breaks: Creating a rogue CA certificate

2008-12-30 17:10:59


Paul:

If the IETF feels that adding randomization to signatures isimportant, we should define randomized signature functions. We couldstart with NIST Draft SP 800-106(<http://csrc.nist.gov/publications/drafts/800-106/2nd-Draft_SP800-106_July2008.pdf>).However, I think that doing so is sending the wrong message: weshould instead be encouraging the use of non-broken hash functions.

This is a very different thing than a BCP that the recommends thatthe certificate serial number include some random bits.

Russ

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [saag] Further MD5 breaks: Creating a rogue CA certificate, (continued) RE: [saag] Further MD5 breaks: Creating a rogue CA certificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Eric Rescorla Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Timothy J. Miller Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Eric Rescorla Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Eric Rescorla Re: Further MD5 breaks: Creating a rogue CA certificate, Russ Housley Re: Further MD5 breaks: Creating a rogue CA certificate, Timothy J. Miller RE: Further MD5 breaks: Creating a rogue CA certificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Blake Ramsdell Re: Further MD5 breaks: Creating a rogue CA certificate, Hugo Krawczyk Re: Further MD5 breaks: Creating a rogue CA certificate, Russ Housley <= Message not available Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate, Jeffrey Hutzelman Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate, Nicolas Williams Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate, Jeffrey Hutzelman RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani

Previous by Date:	Re: [saag] Further MD5 breaks: Creating a rogue CA certificate, Yoav Nir
Next by Date:	Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate, Jeffrey Hutzelman
Previous by Thread:	Re: Further MD5 breaks: Creating a rogue CA certificate, Hugo Krawczyk
Next by Thread:	Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate, Jeffrey Hutzelman
Indexes:	[Date] [Thread] [Top] [All Lists]