ietf-smime

RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate

2008-12-31 03:21:04

One would think we want to start using SHA-1 or even SHA256 (assuming
client vendors implement SHA256 ASAP) and ask the CAs emanating from
commercial roots to perform responsible I&A before issuing certificates.

It will also help if the client side certificate policy processing
became more of a norm.

But, all of this is probably expecting too much.  My fear is that
expecting any of this is also too much.

-----Original Message-----
From: cfrg-bounces(_at_)irtf(_dot_)org [mailto:cfrg-bounces(_at_)irtf(_dot_)org] On Behalf Of Peter Gutmann
Sent: Tuesday, December 30, 2008 8:21 PM
To: paul(_dot_)hoffman(_at_)vpnc(_dot_)org; pmhesse(_at_)geminisecurity(_dot_)com; rlmorgan(_at_)washington(_dot_)edu
Cc: ietf-pkix(_at_)imc(_dot_)org; ietf-smime(_at_)imc(_dot_)org; cfrg(_at_)irtf(_dot_)org; saag(_at_)ietf(_dot_)org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate

"Peter Hesse" <pmhesse(_at_)geminisecurity(_dot_)com> writes:

Ceasing the issuance of certificates with MD5 used in the signature
doesn't solve the problem of the certificates that have already been
issued and are still out there, any number of which may be rogue.

Replacing, or marking as untrusted all root certificates which have any
current valid (i.e. non-expired, non-revoked) certificates with MD5 used
in the signature could have tremendous undesirable impact and be an
untenable solution.

I hate to be the one to point to the elephant in the room (well OK, I
don't hate it, it's rather fun actually) but you need to keep this in
perspective: one in ten AuthentiCode-signed Windows binaries is malware,
and cybercrooks have no problems at all obtaining certs from commercial
CAs using stolen identities and credentials for pretty much any use they
want.  The current MD5 attack is very cool but there's no need to worry
about bad guys doing much with it because it's much, much easier to get
legitimate CA-issued certs the normal way, you buy them just like
everyone else does (except that you use someone else's credit card and
identity, obviously).

In other words, if this problem is fixed, would anyone other than
security geeks even notice?  I doubt the crooks will.

Peter.