We are simply not vigilant enough. This issue has been on our plate
since 2004.
SHA-1 is next and neither the client side vendors nor the big
Enterprises have pushed to move to SHA-256.
-----Original Message-----
From: Timothy J. Miller [mailto:tmiller(_at_)mitre(_dot_)org]
Sent: Wednesday, December 31, 2008 10:18 AM
To: Santosh Chokhani
Cc: ietf-pkix(_at_)imc(_dot_)org; ietf-smime(_at_)imc(_dot_)org;
cfrg(_at_)irtf(_dot_)org; saag(_at_)ietf(_dot_)org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate
Santosh Chokhani wrote:
> One would think we want to start using SHA-1 or even SHA256 (assuming
> client vendors implement SHA256 ASAP) and ask the CAs emanating from
> commercial roots to perform responsible I&A before issuing
> certificates.
Speaking of I&A, I found it interesting to note that the CA/Browser
Forum guidelines for EV certs allow (but recommend against) MD5 until
2010.
The spot check of EV issuers I did yesterday didn't turn up anyone
actually using MD5, but I didn't have all of 'em available.
-- Tim