Len Sassaman <Len(_dot_)Sassaman(_at_)esat(_dot_)kuleuven(_dot_)be> writes:
On Thu, 10 Jun 2010, Simon Josefsson wrote:
A self-signed trust root with MD2 is not a security problem by itself:
it is not the digital signature that is trusted, it is the public key in
the certificate. The MD2 roots are still shipped and trusted in several
modern packages (e.g., Ubuntu 10.04 LTS ca-certificates).
No, it absolutely *is* a security problem. Should someone develop a
preimage attack on MD2, all they need do is move the (valid) MD2
signature to an intermediate cert with BasicConstraints CA=yes, and
then they have themselves a CA.
I don't see how that gains you anything: you still need to make clients
place trust in the new CA, and if the attacker has that ability, all
bets are off.
/Simon
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime