Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

ietf-smime

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

2008-12-31 13:42:58

Timothy J. Miller wrote:

Dr Stephen Henson wrote:

Mike wrote:

I sent my last message a bit too hastily.  Other ideas that I was
contemplating should have been mentioned including:

  - remove any unrecognized extensions
  - remove tumors

Those could potentially cause problems if for some reason they were
actually needed.  This one, though, shouldn't cause trouble:

  - add a private EKU with a random number (or two) in the OID

That would not mess up the serial number scheme in use or modify the
subject name as has been suggested.


Or add a non-critical extension with some randomness in it...

Do you want to propose id-ce-magicCookie OBJECT IDENTIFIER ::= {id-ce55} or should I? :)


draft-01 already:  Make that id-ce-magicNumber instead.  :)

-- Tim

smime.p7s
Description: S/MIME Cryptographic Signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, (continued) Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Mike RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Dr Stephen Henson RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller <= RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Tim Moses Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Eric Rescorla Re: [saag] Further MD5 breaks: Creating a rogue CA certificate, Yoav Nir RE: [saag] Further MD5 breaks: Creating a rogue CA certificate, Santosh Chokhani Message not available Re: [saag] Further MD5 breaks: Creating a rogue CA certificate, Russ Housley Message not available Re: [saag] Further MD5 breaks: Creating a rogue CA certificate, Scott Rea RE: [saag] Further MD5 breaks: Creating a rogue CA certificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Eric Rescorla Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Timothy J. Miller Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Eric Rescorla

Previous by Date:	Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller
Next by Date:	Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller
Previous by Thread:	Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller
Next by Thread:	RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Tim Moses
Indexes:	[Date] [Thread] [Top] [All Lists]