[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

To: ietf-pkix@xxxxxxx, mike-list@xxxxxxxxx
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Fri, 02 Jan 2009 00:17:49 +1300
Cc: cfrg@xxxxxxxx, ietf-smime@xxxxxxx, saag@xxxxxxxx
In-reply-to: <495BA5E9.8040305@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@xxxxxxxxxxxx

Mike <mike-list@xxxxxxxxx> writes:

>> We are simply not vigilant enough.  This issue has been on our plate
>> since 2004.
>>
>> SHA-1 is next and neither the client side vendors nor the big
>> Enterprises have pushed to move to SHA-256.
>
>There is a simple fix -- a CA can just reorder the extensions prior to
>issuing a certificate.

That's actually a nice fix, but unfortunately not universally applicable: for
some types of signed data (e.g. S/MIME attributes) the DER rules require
sorting the encoded extensions, so there's only one valid order for them (and
some applications actually check for this, so you have to do it or sig checks
will start failing).

Peter.

Follow-Ups:
- RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
  - From: Santosh Chokhani

References:
- Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
  - From: Mike

Prev by Date: RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Next by Date: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Previous by thread: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Next by thread: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Index(es):
- Date
- Thread