ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

2009-01-01 13:04:02
from [Eric Rescorla] [Permanent Link] 

At Thu, 01 Jan 2009 07:51:38 -0800,
Mike wrote:



Is there anything that could be added to RP software to reliably
detect and thwart the use of a rogue CA certificate?  Or would
any attempt to do that just cause too many problems?

Mike (who is writing "I am not a security expert" 100 times on
       the chalkboard)


You could certainly add a check for this particular certificate
and any others you discovered. To the extent to which CAs no 
longer use MD5, this would likely quickly clean up the damage.
It's less clear that you could safely detect this kind of
cert in a generic way.

-Ekr
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate, Paul Hoffman
Next by Date:  Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Ben Laurie
Previous by Thread:  Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Mike
Next by Thread:  RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Peter Hesse
Indexes:  [Date] [Thread] [Top] [All Lists]