Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate

2009-01-01 12:33:51

At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
> Surely the whole point of DER is that there's only one correct way to
> encode any particular certificate?

Not so "surely". The SEQUENCE for extensions does not say what order they 
should be in.

> So, either extensions must be sorted, or changing their order changes
> their meaning. Either way, nothing can be reordered.

Wrong on both counts. Each extension has stand-alone semantics, and they can be 
in any order.

However, this is irrelevant for the MD5 break discussion, as is clearly shown 
in the paper.

--Paul Hoffman, Director
--VPN Consortium
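
The point about extension order, as an added example that is not part of the original message: DER fixes how a given value is encoded, but the order of elements in a SEQUENCE is part of the value, so the same two extensions in either order are both valid DER with different bytes. The extension values (basicConstraints, keyUsage) are constructed samples, and the helper names are hypothetical.

```python
import hashlib

def tlv(tag, content):
    """DER tag-length-value with definite, minimal-length encoding."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # base-128, high bit set on all but last byte
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, out)

def extension(oid_str, value_der, critical=True):
    crit = tlv(0x01, b"\xff") if critical else b""  # DEFAULT FALSE is omitted in DER
    return tlv(0x30, oid(oid_str) + crit + tlv(0x04, value_der))

def read_tlv(buf, pos=0):
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def extension_oids(ext_seq):
    """Return the OID content bytes (hex) of each extension, in encoded order."""
    _, body, _ = read_tlv(ext_seq)
    oids, pos = [], 0
    while pos < len(body):
        _, ext, pos = read_tlv(body, pos)
        oids.append(read_tlv(ext)[1].hex())
    return oids

# Constructed sample values: basicConstraints (CA=TRUE) and keyUsage (keyCertSign, cRLSign).
BASIC_CONSTRAINTS = extension("2.5.29.19", bytes.fromhex("30030101ff"))
KEY_USAGE = extension("2.5.29.15", bytes.fromhex("03020106"))
ORDER_A = tlv(0x30, BASIC_CONSTRAINTS + KEY_USAGE)
ORDER_B = tlv(0x30, KEY_USAGE + BASIC_CONSTRAINTS)
```

Both encodings carry the same set of extensions, yet any hash computed over them differs, which is why a verifier checks the signature over the bytes as received rather than over a re-encoding.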

