[Top] [All Lists]

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

2008-12-31 13:39:46
Dr Stephen Henson wrote:
Mike wrote:
I sent my last message a bit too hastily.  Other ideas that I was
contemplating should have been mentioned including:

  - remove any unrecognized extensions
  - remove tumors

Those could potentially cause problems if for some reason they were
actually needed.  This one, though, shouldn't cause trouble:

  - add a private EKU with a random number (or two) in the OID

That would not mess up the serial number scheme in use or modify the
subject name as has been suggested.

Or add a non-critical extension with some randomness in it...

Do you want to propose id-ce-magicCookie OBJECT IDENTIFIER ::= {id-ce 55} or should I? :)

-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

<Prev in Thread] Current Thread [Next in Thread>