ietf-smime

Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate

2009-01-04 02:45:21

On Jan 2, 2009, at 5:35 PM, Robert Moskowitz wrote:

Since MD5 is known bad and potentially dangerous at this point, I would suggest that the best client side action would be to fail to verify any signatures created using MD5. This will break some things, especially if existing business processes are relying on a certificate signed with MD5. However, it is a fail-safe and would prevent a rogue CA certificate created in this fashion from being considered trustworthy.

And to Santosh's point (and others), my earlier email about removing/replacing trust anchors was not because the self-signed certificates are signed using MD5; I agree the trust anchor public keys are protected using other mechanisms. I am recommending that if CAs do nothing to prevent this kind of attack (non-random serial numbers, issue certificates signed with MD5, issue certificates in an automated, predictable fashion) that those CAs should be removed from trust lists because they are no longer acting in the interest of the relying party--they are an accomplice to the creation of these rogue certificates.
Peter,

This sounds great at an IETF mike, but out in the field how do you get all those millions of browsers to pull down a new trust list that will no longer include CA foobar?

Can't happen now, and the way things are going, ain't going to happen before 2026 either.

There's this one company such that if they use Windows update to update their browsers, the others will follow. Technically, it's very easy to get rid of the bad CAs. However, that company is not going to modify their browsers, not now, probably not in the next few years.

So what tool do we have to get compliance to best practices? The good old 5th estate: get out there and give bad press to foobar until they fix their behaviour or their business model collapses and they go out of business and can no longer issue potentially rogue certs.

I don't think you can get a message like that across. This story evokes more of the "Wow! Clever hackers with 200 playstations" sentiment, not the "criminal negligence" sentiment. You can't get the media angry with a company unless the negligence causes something spectacular, like an exploding Ford Pinto. Even Jesse Walker's "unsafe at any keylength" article didn't have quite the impact of the original. And people still use WEP.

We can talk and posture all we want in the IETF. We are rather good at that, IMNSHO. But this is perfect proof of our impact as such on the business model of companies that use our technology; they will do what is expedient, not what is Best Practices.

Best we can do is to get the CAs to

(1) not issue MD5 certs anymore and
(2) randomize the serial number and/or
(3) add a random fluff extension that people are talking about

But still, I don't see Microsoft removing a root CA because one of their sub-CAs is issuing non-compliant certificates.

And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome people don't want any sites that "only work with Explorer".
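
The client-side fail-safe quoted above (refuse to verify any signature made with MD5) and the CA-side mitigation of a randomized serial number, as an added example that is not part of this thread and is not any participant's or vendor's code. Everything in it is assumed for illustration: the hand-rolled DER walker, the function names, and build_test_cert, which constructs a deliberately incomplete dummy Certificate (no issuer, subject, validity or public key) that is well-formed only as far as this check needs to read. The signature-algorithm OIDs are the standard PKCS#1 values, and the rule that Certificate.signatureAlgorithm must equal TBSCertificate.signature is the one RFC 5280 section 4.1.2.3 states.

```python
import secrets
from typing import List, Optional, Tuple

# PKCS#1 signature-algorithm OIDs (RFC 3279 / RFC 4055).
MD2_WITH_RSA = "1.2.840.113549.1.1.2"
MD5_WITH_RSA = "1.2.840.113549.1.1.4"
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
REJECTED_SIG_ALGS = {MD2_WITH_RSA, MD5_WITH_RSA}

# Minimal DER encode/decode: just enough for the outer Certificate layout.
def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, then base-128 arcs."""
    arcs = [int(a) for a in dotted.split(".")]
    body = b""
    for value in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        body += bytes(reversed(chunk))
    return der_tlv(0x06, body)

def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, body, position after the element); truncation is an error."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end

def read_children(body: bytes) -> List[Tuple[int, bytes]]:
    children, pos = [], 0
    while pos < len(body):
        tag, child, pos = read_tlv(body, pos)
        children.append((tag, child))
    return children

def decode_oid(body: bytes) -> str:
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def _alg_oid(alg_id_body: bytes) -> str:
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
    tag, oid_body, _ = read_tlv(alg_id_body, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid_body)

def signature_algorithm_oids(cert_der: bytes) -> Tuple[str, str]:
    """(Certificate.signatureAlgorithm, TBSCertificate.signature) as dotted OIDs."""
    tag, body, end = read_tlv(cert_der, 0)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    children = read_children(body)
    if [t for t, _ in children] != [0x30, 0x30, 0x03]:
        raise ValueError("not Certificate ::= SEQUENCE { tbs, sigAlg, BIT STRING }")
    tbs = read_children(children[0][1])
    i = 1 if tbs and tbs[0][0] == 0xA0 else 0  # [0] EXPLICIT version is absent in v1
    if tbs[i][0] != 0x02 or tbs[i + 1][0] != 0x30:  # serialNumber INTEGER, then signature
        raise ValueError("unexpected TBSCertificate layout")
    return _alg_oid(children[1][1]), _alg_oid(tbs[i + 1][1])

def check_certificate(cert_der: bytes) -> Tuple[bool, str]:
    """Fail safe: unparseable, internally inconsistent, or MD2/MD5-signed means reject."""
    try:
        outer, inner = signature_algorithm_oids(cert_der)
    except (ValueError, IndexError) as exc:
        return False, f"unparseable certificate: {exc}"
    if outer != inner:  # RFC 5280 4.1.2.3: the two fields must agree
        return False, f"signatureAlgorithm {outer} differs from tbsCertificate.signature {inner}"
    if outer in REJECTED_SIG_ALGS:
        return False, f"rejected signature algorithm {outer}"
    return True, outer

def random_serial(nbits: int = 64) -> int:
    """CA-side mitigation (2): an unpredictable, positive serial (odd, so never zero)."""
    return secrets.randbits(nbits) | 1

def build_test_cert(sig_oid: str, inner_oid: Optional[str] = None,
                    serial: int = 1, v3: bool = True) -> bytes:
    """Constructed, incomplete dummy Certificate for this check only (assumption)."""
    def alg(oid: str) -> bytes:
        return der_tlv(0x30, der_oid(oid) + b"\x05\x00")  # OID + NULL parameters
    version = der_tlv(0xA0, der_tlv(0x02, b"\x02")) if v3 else b""
    # Leading zero octet when the top bit is set keeps the INTEGER positive.
    serial_der = der_tlv(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))
    tbs = der_tlv(0x30, version + serial_der + alg(inner_oid or sig_oid))
    sig_value = der_tlv(0x03, b"\x00" * 17)  # BIT STRING placeholder, not a real signature
    return der_tlv(0x30, tbs + alg(sig_oid) + sig_value)

if __name__ == "__main__":
    for label, oid in (("md5", MD5_WITH_RSA), ("sha256", SHA256_WITH_RSA)):
        print(label, check_certificate(build_test_cert(oid, serial=random_serial())))
```

Applied to every certificate in a chain below the trust anchor, this rejects an MD5-signed intermediate outright, which is exactly the breakage the quoted text expects and accepts; the anchor's own self-signature is not what makes it trusted, so it is deliberately not the thing being tested here. The mismatch check matters on its own: a parser that reads only the outer signatureAlgorithm can be steered into a different hash than the one the signer actually committed to inside the TBSCertificate.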


