Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

ietf-smime

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

2008-12-31 13:23:14


Mike wrote:


I sent my last message a bit too hastily.  Other ideas that I was
contemplating should have been mentioned including:

  - remove any unrecognized extensions
  - remove tumors

Those could potentially cause problems if for some reason they were
actually needed.  This one, though, shouldn't cause trouble:

  - add a private EKU with a random number (or two) in the OID

That would not mess up the serial number scheme in use or modify the
subject name as has been suggested.


Or add a non-critical extension with some randomness in it...

Steve.
-- 
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson(_at_)drh-consultancy(_dot_)co(_dot_)uk, PGP key: via homepage.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [saag] Further MD5 breaks: Creating a rogue CA certificate, (continued) RE: [saag] Further MD5 breaks: Creating a rogue CA certificate, Santosh Chokhani Message not available Re: [saag] Further MD5 breaks: Creating a rogue CA certificate, Jeffrey Hutzelman RE: [saag] Further MD5 breaks: Creating a rogue CA certificate, Peter Gutmann RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Mike Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Mike RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Dr Stephen Henson <= RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Tim Moses Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Eric Rescorla Re: [saag] Further MD5 breaks: Creating a rogue CA certificate, Yoav Nir

Previous by Date:	RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani
Next by Date:	RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani
Previous by Thread:	Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller
Next by Thread:	RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani
Indexes:	[Date] [Thread] [Top] [All Lists]