[Top] [All Lists]

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate

2008-12-30 17:17:12
Eric Rescorla wrote:
At Tue, 30 Dec 2008 12:53:06 -0800,
Paul Hoffman wrote:

Your recollection may be off. I believe I was the person who brought
up the serial number hack at the mic, and I'm pretty sure I said
"some", not "many" (and certainly not "most"!). When I looked at a
handful of popular CAs earlier this week, I only found a few who are
using randomization in their serial numbers.

I don't know whether many or most do it. IMO everyone should.

Randomizing serial numbers has implications for OCSP operations, particularly those that use presigned responses in order to optimize performance.

Why presign? Because for a large network with varying levels of support, it may be easier to move around sets of pre-produced responses to distributed keyless OCSP responders than to guarantee connectivity to a keyed OCSP service.

Why presign batches rather than individual responses? Because for a large PKI the response pre-production time can exceed the CRL update frequency.

-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

<Prev in Thread] Current Thread [Next in Thread>