RE: Embedded certificate image
If a CA were going to accept user input to an image composed by the CA,
then the composition process can provide confounding data by doing more
than just "inserting a customer-provided graphic into a [known] template
provided by the CA". The Security Considerations section could
recommend steganographic techniques for unpredictably modifying the
image in perceptually-insignificant ways, such as by adding noise to the
image data and/or inserting random tags in image formats for which tags
are defined.
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On Behalf Of Santosh Chokhani
Sent: Monday, August 03, 2009 10:39 AM
To: Timothy J. Miller; Tom Gindin
Cc: Stefan Santesson; ietf-pkix
Subject: RE: Embedded certificate image
Tim,
Depending on the nature of collision, randomly reordering extensions may
not help at all or may not provide sufficiently low probability of
successful collision.
> -----Original Message-----
> From: Timothy J. Miller [mailto:tmiller@xxxxxxxxx]
> Sent: Monday, August 03, 2009 8:51 AM
> To: Tom Gindin
> Cc: Stefan Santesson; ietf-pkix; Santosh Chokhani
> Subject: Re: Embedded certificate image
>
> Tom Gindin wrote:
> > Stefan:
> >
> > While it is unreasonable to dictate what a CA can accept, I
> > think that the Security Considerations section should say something
> > like: "the information about the certificate subject contained in the
> > image SHOULD NOT include any graphic supplied by the applicant". The
> > "tumor" construct which we saw in MD5 collisions could be placed into
> > such a graphic. Thus if a CA were to construct a graphic by inserting
> > a customer-provided graphic into a template provided by the CA, it
> > would be subject to the same attacks as MD5 certificates have been,
> > but it would not be evident from the certificate syntax.
>
> I'd rather require the CA to include a confounder in the
> prefix than restrict the CA's ability to accept input. There
> are multiple places where a CA can do this; serial number
> being one (but more or less difficult for some PKIs to
> implement), random-skew validity periods being another. To
> confound a prefix using this extension, random reordering
> extensions is enough.
>
> -- Tim
>
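
Added example, not part of the thread or of any participant's message: one way a CA's image composition step could insert a random tag, as suggested above, so that unpredictable CA-chosen bytes sit ahead of the applicant-controlled image data. PNG, the `tEXt` keyword `Confounder`, the 16-byte length and all function names are assumptions made for illustration.

```python
import os
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def parse_chunks(png):
    """Return [(type, data)], rejecting truncated input and bad CRCs."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    chunks, pos = [], len(PNG_SIG)
    while pos < len(png):
        if pos + 12 > len(png):
            raise ValueError("truncated chunk")
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        end = pos + 12 + length
        if end > len(png):
            raise ValueError("truncated chunk")
        ctype, data = png[pos + 4:pos + 8], png[pos + 8:end - 4]
        if chunk(ctype, data) != png[pos:end]:
            raise ValueError("bad CRC")
        chunks.append((ctype, data))
        pos = end
    return chunks

def add_confounder(png, nbytes=16, keyword=b"Confounder"):
    """Insert a random tEXt chunk right after IHDR, ahead of applicant data."""
    chunks = parse_chunks(png)
    if not chunks or chunks[0][0] != b"IHDR":
        raise ValueError("IHDR must be first")
    # Hypothetical keyword; the value is fresh randomness from the OS CSPRNG.
    text = keyword + b"\x00" + os.urandom(nbytes).hex().encode("ascii")
    out = [chunk(*chunks[0]), chunk(b"tEXt", text)]
    out += [chunk(t, d) for t, d in chunks[1:]]
    return PNG_SIG + b"".join(out)

def sample_png():
    """Constructed 1x1 8-bit grayscale PNG standing in for an applicant graphic."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x80")  # filter byte 0, one gray pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")
```

The pixel data is untouched, so the change is invisible when rendered; the tag only helps if it is generated after the applicant submits the graphic and is not disclosed before issuance.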