[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
One would think we want to start using SHA-1 or even SHA256 (assuming
client vendors implement SHA256 ASAP) and ask the CAs emanating from
commercial roots to perform responsible I&A before issuing certificates.
It will also help if the client side certificate policy processing
became more of a norm.
But, all of this is probably expecting too much. My fear is that
expecting any of this is also too much.
From: cfrg-bounces@xxxxxxxx [mailto:cfrg-bounces@xxxxxxxx] On Behalf Of
Sent: Tuesday, December 30, 2008 8:21 PM
To: paul.hoffman@xxxxxxxx; pmhesse@xxxxxxxxxxxxxxxxxx;
Cc: ietf-pkix@xxxxxxx; ietf-smime@xxxxxxx; cfrg@xxxxxxxx; saag@xxxxxxxx
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue
"Peter Hesse" <pmhesse@xxxxxxxxxxxxxxxxxx> writes:
>Ceasing the issuance of certificates with MD5 used in the signature
>solve the problem of the certificates that have already been issued and
>still out there, any number of which may be rogue.
>Replacing, or marking as untrusted all root certificates which have any
>current valid (i.e. non-expired, non-revoked) certificates with MD5
>the signature could have tremendous undesirable impact and be an
I hate to be the one to point to the elephant in the room (well OK, I
hate it, it's rather fun actually) but you need to keep this in
one in ten AuthentiCode-signed Windows binaries is malware, and
have no problems at all obtaining certs from commercial CAs using stolen
identities and credentials for pretty much any use they want. The
attack is very cool but there's no need to worry about bad guys doing
with it because it's much, much easier to get legitimate CA-issued certs
normal way, you buy them just like everyone else does (except that you
someone else's credit card and identity, obviously).
In other words, if this problem is fixed, would anyone other than
geeks even notice? I doubt the crooks will.
Cfrg mailing list