ietf-smime
[Top] [All Lists]

RE: Further MD5 breaks: Creating a rogue CA certificate

2008-12-31 10:16:27

Mini CRL are not a standard.

That said, using implementators agreement (based on whether high order
to low order bits are true serial number) one bit per certificate can be
assigned and the random prefix or appendage to the serial number
ignored.

-----Original Message-----
From: owner-ietf-pkix(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-pkix(_at_)mail(_dot_)imc(_dot_)org]
On Behalf Of Timothy J. Miller
Sent: Wednesday, December 31, 2008 9:43 AM
To: Russ Housley
Cc: Eric Rescorla; cfrg(_at_)irtf(_dot_)org; ietf-smime(_at_)imc(_dot_)org; 
saag(_at_)ietf(_dot_)org;
ietf-pkix(_at_)imc(_dot_)org
Subject: Re: Further MD5 breaks: Creating a rogue CA certificate

Russ Housley wrote:

I'm not sure I understand the issue here, but
they don't actually have to be totally randomized. You could use a
PRF so they were predictable to the CA.

That works.  This works too: the serial number could be composed of 
two parts, where the most significant bits are a counter and the 
least significant bits are randomly generated.

How would Corestreet's miniCRL format fare under this?

-- Tim

<Prev in Thread] Current Thread [Next in Thread>