ietf-smime
[Top] [All Lists]

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate

2008-12-31 10:01:12

At Wed, 31 Dec 2008 14:20:39 +1300,
Peter Gutmann wrote:

"Peter Hesse" <pmhesse(_at_)geminisecurity(_dot_)com> writes:

Ceasing the issuance of certificates with MD5 used in the signature doesn't
solve the problem of the certificates that have already been issued and are
still out there, any number of which may be rogue.

Replacing, or marking as untrusted all root certificates which have any
current valid (i.e. non-expired, non-revoked) certificates with MD5 used in
the signature could have tremendous undesirable impact and be an untenable
solution.

I hate to be the one to point to the elephant in the room (well OK, I don't
hate it, it's rather fun actually) but you need to keep this in perspective:
one in ten AuthentiCode-signed Windows binaries is malware, and cybercrooks
have no problems at all obtaining certs from commercial CAs using stolen
identities and credentials for pretty much any use they want.  The current MD5
attack is very cool but there's no need to worry about bad guys doing much
with it because it's much, much easier to get legitimate CA-issued certs the
normal way, you buy them just like everyone else does (except that you use
someone else's credit card and identity, obviously).

In other words, if this problem is fixed, would anyone other than security
geeks even notice?  I doubt the crooks will.

Well, if we're going to be pointing ot the obvious, then code signing actually
seems kind of off-point as well. > 50% of IE users are not running up-to-date
copies of their browser.[0] In many cases this means that the browsers have
remote exploits. Why worry about AuthentiCode?

-Ekr


[0] http://www.techzoom.net/publications/insecurity-iceberg/index.en

<Prev in Thread] Current Thread [Next in Thread>