Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

ietf-smime

Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

2009-01-01 12:33:51


At 3:06 PM +0000 1/1/09, Ben Laurie wrote:

Surely the whole point of DER is that there's only one correct way to
encode any particular certificate?


Not so "surely". The SEQUENCE for extensions does not say what order they 
should be in.

So, either extensions must be sorted, or changing their order changes
their meaning. Either way, nothing can be reordered.


Wrong on both counts. Each extension has stand-alone semantics, and they can be 
in any order.

However, this is irrelevant for the MD5 break discussion, as is clearly shown 
in the paper.

--Paul Hoffman, Director
--VPN Consortium

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, (continued) Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Yoav Nir Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Paul Hoffman RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Weger, B.M.M. de Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Yoav Nir Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Yoav Nir RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Message not available Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Jeffrey Hutzelman Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Peter Gutmann Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller Message not available Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Paul Hoffman <= Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Ben Laurie RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Ben Laurie RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Stephen Kent

Previous by Date:	Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Mike
Next by Date:	Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Eric Rescorla
Previous by Thread:	Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller
Next by Thread:	Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Ben Laurie
Indexes:	[Date] [Thread] [Top] [All Lists]