ietf-smime

Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate

2009-01-04 16:51:50

At 10:23 PM +0200 1/4/09, Yoav Nir wrote:
> On Jan 4, 2009, at 9:11 PM, Paul Hoffman wrote:
>> At 9:02 AM +0200 1/4/09, Yoav Nir wrote:
>>> Best we can do is to get the CAs to
>>>
>>> (1) not issue MD5 certs anymore and
>>> (2) randomize the serial number and/or
>>> (3) add a random fluff extension that people are talking about
>>
>> Just to repeat it one more time: #3 does not prevent the published attack.
>
> It does if the random fluff is inserted by the CA. The attack depends on their
> ability to predict the entire TBS part.

I may have misunderstood the paper, but I think that changes after the
subjectPublicKeyInfo do not affect the attack.

>>> But still, I don't see Microsoft removing a root CA because one of their
>>> sub-CAs is issuing non-compliant certificates.
>>
>> It is hard to see Microsoft removing or adding CAs. If anyone knows of a
>> public interface (mailing list, web site, whatever) for when this happens, by
>> all means please let the world know.
>
> I managed to find a page with their policy on adding new root CAs. Nothing
> there about removing old root CAs.

I'm not talking about the policy: I'm talking about the actual trust anchors
themselves.

>>> And if Microsoft don't, nobody else will. The Firefox/Opera/Safari/Chrome
>>> people don't want any sites that "only work with Explorer".
>>
>> At least with respect to Firefox, I think that statement is false.
>
> They've done quite a bit to render broken sites that were made for IE.

That is irrelevant for this thread. There are active discussions in the Firefox
community about adding and removing trust anchors that are and are not already
in the IE trust anchor pile.

> Also, I've updated today and all the "bad" CAs with MD5 signatures are still
> in the TAS.

As was pointed out to me earlier: it does not matter if the CA has its cert
signed with MD5, only whether that CA *signs* with MD5. RapidSSL, for example,
is still signed with MD5 but is now signing with SHA-1.

--Paul Hoffman, Director
--VPN Consortium
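Added example, not part of the thread above: a standard-library Python inspector for the two checks this exchange turns on. It reads a DER certificate and reports which signatureAlgorithm OID the issuer used, so you test whether a CA *signs* with md5WithRSAEncryption rather than how the CA's own certificate happens to be signed, which is the distinction drawn in the last paragraph. It also locates serialNumber, subjectPublicKeyInfo and the extensions in the RFC 5280 TBSCertificate field order, which is what the question of where CA-added randomness lands relative to the public key depends on. The sample certificate is constructed inline by a small DER encoder with a placeholder signature; the 8-byte serial threshold is a heuristic I chose, not anything the thread states.

```python
"""Inspect a DER X.509 certificate for the properties debated in the thread:
which hash the *issuer* signed with, and where serialNumber and extensions
sit relative to subjectPublicKeyInfo (RFC 5280 field order).
Standard library only; the sample certificate is constructed inline."""
import hashlib

MD5_RSA_OID = "1.2.840.113549.1.1.4"    # md5WithRSAEncryption
SHA1_RSA_OID = "1.2.840.113549.1.1.5"   # sha1WithRSAEncryption
RSA_OID = "1.2.840.113549.1.1.1"        # rsaEncryption
MIN_RANDOM_SERIAL_BYTES = 8             # heuristic threshold, my assumption

# --- minimal DER encoder, used only to build the constructed sample ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(n):
    # the extra high byte keeps the INTEGER positive when the top bit is set
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        body.extend(reversed(chunk))
    return der(0x06, bytes(body))

def der_name(cn):
    # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue, here a single commonName
    return der(0x30, der(0x31, der(0x30, der_oid("2.5.4.3") + der(0x0C, cn.encode()))))

def build_sample_cert(sig_oid, serial):
    """Constructed v3 certificate (not a real one); the signature bits are a placeholder."""
    alg = der(0x30, der_oid(sig_oid) + der(0x05, b""))
    validity = der(0x30, der(0x17, b"090101000000Z") + der(0x17, b"100101000000Z"))
    modulus = int.from_bytes(hashlib.sha256(b"constructed").digest() * 4, "big") | (1 << 1023)
    spki = der(0x30, der(0x30, der_oid(RSA_OID) + der(0x05, b""))
               + der(0x03, b"\x00" + der(0x30, der_int(modulus) + der_int(65537))))
    basic = der(0x30, der_oid("2.5.29.19") + der(0x04, der(0x30, b"")))  # basicConstraints
    tbs = der(0x30, der(0xA0, der_int(2)) + der_int(serial) + alg
              + der_name("Constructed Test CA") + validity + der_name("www.example.test")
              + spki + der(0xA3, der(0x30, basic)))
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 129))

# --- minimal DER reader ---
def tlv(buf, pos):
    """Return (tag, content_start, content_end) of the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    out, pos = [], start
    while pos < end:
        t = tlv(buf, pos)
        out.append(t)
        pos = t[2]
    return out

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect(cert):
    _, cs, ce = tlv(cert, 0)                         # Certificate ::= SEQUENCE
    (_, ts, te), (_, as_, ae), _sig = children(cert, cs, ce)
    _, os_, oe = tlv(cert, as_)                      # OID inside outer AlgorithmIdentifier
    fields = children(cert, ts, te)                  # TBSCertificate members in order
    i = 1 if fields[0][0] == 0xA0 else 0             # skip EXPLICIT [0] version if present
    serial, inner_alg, spki = fields[i], fields[i + 1], fields[i + 5]
    ext = next((f for f in fields if f[0] == 0xA3), None)   # EXPLICIT [3] extensions
    sig_alg = decode_oid(cert[os_:oe])
    return {
        "sig_alg": sig_alg,
        "signs_with_md5": sig_alg == MD5_RSA_OID,
        "alg_fields_match": cert[inner_alg[1]:inner_alg[2]] == cert[as_:ae],
        "serial_len": serial[2] - serial[1],
        "serial_looks_random": serial[2] - serial[1] >= MIN_RANDOM_SERIAL_BYTES,
        "serial_before_spki": serial[2] <= spki[1],
        "ext_after_spki": ext is not None and ext[1] >= spki[2],
    }

if __name__ == "__main__":
    for oid, serial in ((MD5_RSA_OID, 1234), (SHA1_RSA_OID, int.from_bytes(b"\x7f" * 20, "big"))):
        print(inspect(build_sample_cert(oid, serial)))
```

Feed `inspect()` the DER of a certificate actually issued by a CA (not the CA's own certificate) to answer the question the last paragraph raises; the serial and extension offsets it reports show the serial number preceding subjectPublicKeyInfo and the extensions following it in every v3 certificate.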
