Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate
Mike <mike-list@xxxxxxxxx> writes:
>> We are simply not vigilant enough. This issue has been on our plate
>> since 2004.
>> SHA-1 is next and neither the client side vendors nor the big
>> Enterprises have pushed to move to SHA-256.
>There is a simple fix -- a CA can just reorder the extensions prior to
>issuing a certificate.
That's actually a nice fix, but unfortunately not universally applicable: for
some types of signed data (e.g. S/MIME attributes) the DER rules require
sorting the encoded extensions, so there's only one valid order for them (and
some applications actually check for this, so you have to do it or sig checks
will start failing).
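As an added illustration (not code from either poster), the following minimal DER encoder shows the distinction the reply draws: a SEQUENCE OF (as X.509 extensions are) lets the encoder pick the element order, while a SET OF (as S/MIME signed attributes are) has exactly one valid order under X.690 11.6, and a strict verifier can reject anything else. It assumes single-byte tags and definite lengths, and uses UTF8String values as constructed stand-ins for the real Attribute or Extension structures.

```python
# Added illustration, not code from the thread: minimal DER SET OF versus
# SEQUENCE OF, showing why reordering is unavailable for SET OF (X.690 11.6).

def der_length(n: int) -> bytes:
    """DER definite length: short form below 128, minimal long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content
def der_utf8(text: str) -> bytes:
    return der_tlv(0x0C, text.encode())

def set_of_sort(elements: list) -> list:
    """X.690 11.6 order: compare encodings as octet strings, the shorter ones
    padded at their trailing end with 0x00 octets."""
    width = max(len(e) for e in elements)
    return sorted(elements, key=lambda e: e.ljust(width, b"\x00"))

def der_set_of(elements: list) -> bytes:
    return der_tlv(0x31, b"".join(set_of_sort(elements)))  # 0x31 = SET, sorted
def der_sequence_of(elements: list) -> bytes:
    return der_tlv(0x30, b"".join(elements))  # 0x30 = SEQUENCE, order kept

def _read_header(buf: bytes, i: int) -> tuple:
    """Return (header_size, content_length) of the TLV starting at buf[i]."""
    first = buf[i + 1]
    if first < 0x80:
        return 2, first
    n = first & 0x7F
    return 2 + n, int.from_bytes(buf[i + 2:i + 2 + n], "big")

def split_tlvs(content: bytes) -> list:
    """Split concatenated definite-length DER elements (single-byte tags)."""
    out, i = [], 0
    while i < len(content):
        hdr, length = _read_header(content, i)
        out.append(content[i:i + hdr + length])
        i += hdr + length
    return out

def set_of_in_der_order(encoded_set: bytes) -> bool:
    """Verifier-side check of the kind the reply mentions: a SET OF whose
    members are out of canonical order is not valid DER."""
    hdr, length = _read_header(encoded_set, 0)
    members = split_tlvs(encoded_set[hdr:hdr + length])
    return encoded_set[0] == 0x31 and members == set_of_sort(members)

# Constructed stand-ins for signed attributes (real ones are Attribute SEQUENCEs).
ATTRS = [der_utf8("signing-time"), der_utf8("content-type"), der_utf8("message-digest")]
```

Feeding ATTRS to der_set_of in any input order yields identical bytes, whereas der_sequence_of changes with the order, which is the freedom a CA has with extensions but not with SET OF content.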