Re: [smime] [Fwd: I-D ACTION:draft-turner-md2-to-historic-00.txt]

2010-06-10 12:34:10
On Thu, 10 Jun 2010, Simon Josefsson wrote:

I don't see how that gains you anything: you still need to make clients
place trust in the new CA, and if the attacker has that ability, all
bets are off.

The clients trust the new CA because it is an intermediate CA chained to the original, MD2-signed top-level CA. The intermediate cert is then treated with the same validity as *any* intermediate cert generated by that top-level cert -- since the top-level cert's signature verifies correctly on the intermediate cert, of course.

Do you understand the attack now?

This isn't *quite* such an issue, since after we brought it to the attention of CERT and the browser vendors, they either eliminated MD2 support entirely, or restricted it so that an intermediate CA cert signed with MD2 would be rejected. (At least, I personally verified Chrome and Firefox. I *think* IE and Opera were patched, too -- they should be.) So now we hope that browsers released prior to mid-2009 are retired from use before MD2 is broken in practice. Given the longevity of browsers, it's going to be close.

smime mailing list
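
The browser-side restriction described in the message above, sketched as an added example (not part of the original post and not any browser's code): a chain check that accepts an MD2 self-signed root only because it is in the trust store, and rejects any certificate below it that carries an MD2 or MD5 signature. The Cert class, the fingerprints and the sample chains are hypothetical and constructed for illustration; cryptographic signature verification is assumed to happen elsewhere.

```python
from dataclasses import dataclass

# PKCS #1 signature-algorithm OIDs that this policy refuses on issued certs.
MD2_RSA = "1.2.840.113549.1.1.2"
SHA1_RSA = "1.2.840.113549.1.1.5"
WEAK_SIG_ALGS = {
    MD2_RSA: "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}

@dataclass(frozen=True)
class Cert:
    """Hypothetical, already-parsed view of an X.509 certificate."""
    subject: str
    issuer: str
    sig_alg: str      # OID of the algorithm used to sign this cert
    fingerprint: str  # stands in for a hash of the full DER encoding

def check_chain(chain, trusted_fingerprints):
    """chain is ordered leaf first, trust anchor last. Returns (ok, reason)."""
    if not chain:
        return False, "empty chain"
    anchor = chain[-1]
    # The anchor is trusted because the whole certificate is in the store,
    # not because of its self-signature, so its own sig_alg is not checked.
    if anchor.fingerprint not in trusted_fingerprints:
        return False, f"{anchor.subject}: not a trust anchor"
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, f"{child.subject}: issuer does not match {parent.subject}"
        # Every cert below the anchor relies on its signature, so a weak
        # hash here is what the policy must refuse.
        if child.sig_alg in WEAK_SIG_ALGS:
            return False, f"{child.subject}: signed with {WEAK_SIG_ALGS[child.sig_alg]}"
    return True, "ok"

# Constructed sample data (not real certificates).
ROOT = Cert("Old Root CA", "Old Root CA", MD2_RSA, "fp-root")
TRUST_STORE = {ROOT.fingerprint}
INT_GOOD = Cert("Issuing CA", "Old Root CA", SHA1_RSA, "fp-int-good")
INT_MD2 = Cert("Unexpected CA", "Old Root CA", MD2_RSA, "fp-int-md2")
GOOD_CHAIN = [Cert("www.example.test", "Issuing CA", SHA1_RSA, "fp-leaf1"), INT_GOOD, ROOT]
MD2_CHAIN = [Cert("www.example.test", "Unexpected CA", SHA1_RSA, "fp-leaf2"), INT_MD2, ROOT]

if __name__ == "__main__":
    print(check_chain(GOOD_CHAIN, TRUST_STORE))
    print(check_chain(MD2_CHAIN, TRUST_STORE))
```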