[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate
Paul Hoffman wrote:
> At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
>> Surely the whole point of DER is that there's only one correct way to
>> encode any particular certificate?
> Not so "surely". The SEQUENCE for extensions does not say what order they should be in.
That doesn't change the _point_ of DER. If extensions should have been
specified as a SET but are defined as a SEQUENCE, then they are broken
>> So, either extensions must be sorted, or changing their order changes
>> their meaning. Either way, nothing can be reordered.
> Wrong on both counts. Each extension has stand-alone semantics, and they can be in any order.
My point was about the correct use of DER. It seems extensions use it
> However, this is irrelevant for the MD5 break discussion, as is clearly shown in the paper.
I am discussing the correct use of DER :-)
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff