ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

2008-12-31 13:01:30
from [Mike] [Permanent Link] 

I sent my last message a bit too hastily.  Other ideas that I was
contemplating should have been mentioned including:

  - remove any unrecognized extensions
  - remove tumors

Those could potentially cause problems if for some reason they were
actually needed.  This one, though, shouldn't cause trouble:

  - add a private EKU with a random number (or two) in the OID

That would not mess up the serial number scheme in use or modify the
subject name as has been suggested.

Mike


I wrote:

There is a simple fix -- a CA can just reorder the extensions prior
to issuing a certificate.

Mike
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Mike
Next by Date:  RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani
Previous by Thread:  Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Mike
Next by Thread:  RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani
Indexes:  [Date] [Thread] [Top] [All Lists]