[Top] [All Lists]

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate

2008-12-30 17:33:57

On Tue, Dec 30, 2008 at 2:05 PM, Timothy J. Miller 
<tmiller(_at_)mitre(_dot_)org> wrote:
Randomizing serial numbers has implications for OCSP operations,
particularly those that use presigned responses in order to optimize

It seems that the disruption caused by modifying serial number
generation for existing CAs is pretty high. Would an easier solution
be to either a) make the validity period vary slightly (in the
documented attack, the notBefore was always a fixed interval from the
submission time, and making this vary in a period of just a few
minutes would have thwarted it, if I'm understanding correctly), or b)
the CA sticks some random junk in the subject DN (not an MPEG of a
cat, but maybe OU=sf9fj3 [some base64 PRNG data]).

Blake Ramsdell |

<Prev in Thread] Current Thread [Next in Thread>