One would think we want to start using SHA-1 or even SHA256 (assuming
client vendors implement SHA256 ASAP) and ask the CAs emanating from
commercial roots to perform responsible I&A before issuing certificates.
It will also help if the client side certificate policy processing
became more of a norm.
But, all of this is probably expecting too much. My fear is that
expecting any of this is also too much.
[mailto:cfrg-bounces(_at_)irtf(_dot_)org] On Behalf Of
Sent: Tuesday, December 30, 2008 8:21 PM
Cc: ietf-pkix(_at_)imc(_dot_)org; ietf-smime(_at_)imc(_dot_)org;
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue
"Peter Hesse" <pmhesse(_at_)geminisecurity(_dot_)com> writes:
Ceasing the issuance of certificates with MD5 used in the signature
solve the problem of the certificates that have already been issued and
still out there, any number of which may be rogue.
Replacing, or marking as untrusted all root certificates which have any
current valid (i.e. non-expired, non-revoked) certificates with MD5
the signature could have tremendous undesirable impact and be an
I hate to be the one to point to the elephant in the room (well OK, I
hate it, it's rather fun actually) but you need to keep this in
one in ten AuthentiCode-signed Windows binaries is malware, and
have no problems at all obtaining certs from commercial CAs using stolen
identities and credentials for pretty much any use they want. The
attack is very cool but there's no need to worry about bad guys doing
with it because it's much, much easier to get legitimate CA-issued certs
normal way, you buy them just like everyone else does (except that you
someone else's credit card and identity, obviously).
In other words, if this problem is fixed, would anyone other than
geeks even notice? I doubt the crooks will.
Cfrg mailing list