[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [saag] X.509 certificate collision, via MD5 collisions

To: Sam Roberts <sroberts@xxxxxxxxxxxx>, ietf-pkix@xxxxxxx
Subject: Re: [saag] X.509 certificate collision, via MD5 collisions
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Thu, 03 Mar 2005 14:27:11 -0500
In-reply-to: <20050303164658.GA26100@xxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <OFF9411C23.FE0B7C79-ON85256FB8.0057CB89-85256FB9.004B75B7@xxxxxxxxxx> <4227252B.6040600@xxxxxxxxxxxxx> <20050303164658.GA26100@xxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Some CAs issue very few certificates, so it is very easy to predict thenext serial number that will be used by looking at the last certificatethat was issued.


Russ


At 11:46 AM 3/3/2005, Sam Roberts wrote:

Wrote Ben Laurie <ben@xxxxxxxxxxxxx>, on Thu, Mar 03, 2005 at 02:54:35PM+0000:

> The issue is not the length of the serial number but its predictability.

I thought most CAs put some random component into the serial number, and
even for ones that just using a simple integer count, it would seem
quite difficult to predict the number of the next cert to be issued.

So, can anybody describe practical prediction strategies?

Cheers,
Sam

--
Sam Roberts <sroberts@xxxxxxxxxxxx>

References:
- Re: [saag] X.509 certificate collision, via MD5 collisions
  - From: Tom Gindin
- Re: [saag] X.509 certificate collision, via MD5 collisions
  - From: Ben Laurie
- Re: [saag] X.509 certificate collision, via MD5 collisions
  - From: Sam Roberts

Prev by Date: Re: [saag] X.509 certificate collision, via MD5 collisions
Next by Date: Re: [saag] Another bad day at the hash function factory
Previous by thread: Re: [saag] X.509 certificate collision, via MD5 collisions
Next by thread: Re: [saag] X.509 certificate collision, via MD5 collisions
Index(es):
- Date
- Thread