ietf-smime

RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate

2009-01-08 00:36:42

"Viviani Paz" <v(_dot_)paz(_at_)uq(_dot_)edu(_dot_)au> writes:

> 1- browser vendors strongly encouraging the CA organisations vulnerable to
> this problem (using MD5) to get their act together. I'd like to see the
> browser vendors giving them a cut off timeframe and remove these root certs
> from their trust lists for good.

The problem with this is that it's not going to be so easy to tell who's at
fault, the first MD5 cert may not appear until several levels down the food
chain so there's no way to tell whether a particular root ends in an MD5 cert.
And if you do remove a root because some unrelated party five steps down the
food chain uses MD5 I can see lawsuits happening...

> 2- meanwhile browser vendors could issue a warning when certificates relying
> on MD5 are in use, this is simpler to be done and shame goes a long way
> sometimes. It doesn't resolve the problem, but sets things in motion.

That one would definitely work, but has the downside of penalising innocent
customers of the CA that issued the cert and not the CA that made the mess.
You'd have to convince the CA to issue free replacements for this to work,
possibly by framing the warning message in terms of the CA using unsafe
practices rather than the site itself being insecure.  Even then it's a rather
indirect approach that doesn't really target the guilty party since you're
scaring the user who is supposed to exert pressure on the site which is then
supposed to pressure the CA for a fix.

(This is one of those great all-care-and-no-responsibility situations, the CAs
can pretty much screw up as much as they want but there are no real
repercussions for anyone because of the collateral damage issue.  The debate
on the Mozilla forums shows this, there's all manner of knee-jerk reactions
possible to make an example of someone convenient but none of them really get
to the root of the problem).

Peter.