RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate

2009-01-01 06:31:54

"Santosh Chokhani" <SChokhani(_at_)cygnacom(_dot_)com> writes:

We are simply not vigilant enough.  This issue has been on our plate since

It's not just this, the fact that there were CA certs out there with the CA
flag (in basicConstraints) not set was known for at least five years before
widespread bad publicity forced CAs to address it, the RSA exponent=1 debacle
was known for at least that long but no-one cared until there was lots of bad
publicity about it... there's a really serious problem with CAs and vendors
simply not caring about PKI security until bad publicity forces a change, the
current MD5 issue (and the cert debacle and the Gromozon malware-signing
cert issue and ...) are just the latest examples.  It's like the
Microsoft of ten years ago, security holes just get ignored until bad
publicity forces a fix (and even then it's often more of a sidestep to avoid
further criticism than an actual fix).

It's small wonder that there's such widespread cynicism about PKI when even
the organisations pushing it don't seem to care whether it's done properly or