ietf-smime
[Top] [All Lists]

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

2008-12-31 12:15:43

We are simply not vigilant enough.  This issue has been on our plate
since 2004.

SHA-1 is next and neither the client side vendors nor the big
Enterprises have pushed to move to SHA-256.

There is a simple fix -- a CA can just reorder the extensions prior
to issuing a certificate.

Mike

<Prev in Thread] Current Thread [Next in Thread>