[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

To: Paul Hoffman <paul.hoffman@xxxxxxxx>
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
From: Ben Laurie <ben@xxxxxxxxx>
Date: Thu, 01 Jan 2009 17:44:32 +0000
Cc: Ben Laurie <benl@xxxxxxxxxx>, Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx>, ietf-pkix@xxxxxxx, mike-list@xxxxxxxxx, cfrg@xxxxxxxx, saag@xxxxxxxx, ietf-smime@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
References: <495BA5E9.8040305@xxxxxxxxx> <E1LILYj-00066V-WE@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@xxxxxxxxxxxxxx> <>
Sender: owner-ietf-smime@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.4.0

Paul Hoffman wrote:
> At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
>> Surely the whole point of DER is that there's only one correct way to
>> encode any particular certificate?
> 
> Not so "surely". The SEQUENCE for extensions does not say what order they should be in.

That doesn't change the _point_ of DER. If extensions should have been
specified as a SET but are defined as a SEQUENCE, then they are broken
(technically).

>> So, either extensions must be sorted, or changing their order changes
>> their meaning. Either way, nothing can be reordered.
> 
> Wrong on both counts. Each extension has stand-alone semantics, and they can be in any order.

My point was about the correct use of DER. It seems extensions use it
incorrectly.

> However, this is irrelevant for the MD5 break discussion, as is clearly shown in the paper.

I am discussing the correct use of DER :-)

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Follow-Ups:
- RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
  - From: Santosh Chokhani

References:
- Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
  - From: Mike
- Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
  - From: Peter Gutmann
- Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
  - From: Paul Hoffman

Prev by Date: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Next by Date: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Previous by thread: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Next by thread: RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Index(es):
- Date
- Thread