
RE: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate



We must fix X.509 since it is not broken.

We must preserve MD5 since it is weak.

We must provide economic and political support to client side vendors
who refuse to implement SHA-256.  We must treat them with kid gloves and
work around them.

The world economy is in the tank.

People want to shoot each other.

I see a patent here that is not very random.

-----Original Message-----
From: saag-bounces@xxxxxxxx [mailto:saag-bounces@xxxxxxxx] On Behalf Of
Ben Laurie
Sent: Thursday, January 01, 2009 12:45 PM
To: Paul Hoffman
Cc: cfrg@xxxxxxxx; ietf-smime@xxxxxxx; saag@xxxxxxxx; ietf-pkix@xxxxxxx;
mike-list@xxxxxxxxx
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue
CA certificate

Paul Hoffman wrote:
> At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
>> Surely the whole point of DER is that there's only one correct way to
>> encode any particular certificate?
> 
> Not so "surely". The SEQUENCE for extensions does not say what order
> they should be in.

That doesn't change the _point_ of DER. If extensions should have been
specified as a SET but are defined as a SEQUENCE, then they are broken
(technically).

>> So, either extensions must be sorted, or changing their order changes
>> their meaning. Either way, nothing can be reordered.
> 
> Wrong on both counts. Each extension has stand-alone semantics, and
> they can be in any order.

My point was about the correct use of DER. It seems extensions use it
incorrectly.

> However, this is irrelevant for the MD5 break discussion, as is
> clearly shown in the paper.

I am discussing the correct use of DER :-)

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
_______________________________________________
saag mailing list
saag@xxxxxxxx
https://www.ietf.org/mailman/listinfo/saag
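
The SEQUENCE-versus-SET point argued in the thread, as an added example that is not part of either message: a small DER encoder showing that two extensions placed in a SEQUENCE give different bytes (and so a different signed digest) for each order, while a DER SET OF sorts its members and gives one encoding. The helper names are hypothetical, the two extension values (basicConstraints CA:TRUE, keyUsage keyCertSign and cRLSign) are constructed sample input, and the optional critical flag is omitted.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value using the minimal definite length form."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def extension(dotted: str, value: bytes) -> bytes:
    """Extension ::= SEQUENCE { extnID, extnValue OCTET STRING }."""
    return tlv(0x30, oid(dotted) + tlv(0x04, value))

def as_sequence(items) -> bytes:
    """SEQUENCE OF: members are emitted in the order the encoder was given."""
    return tlv(0x30, b"".join(items))

def as_set_of(items) -> bytes:
    """DER SET OF: members are sorted by their encoded octets, so the
    result does not depend on the order the caller supplied."""
    return tlv(0x31, b"".join(sorted(items)))

def digest(der: bytes) -> str:
    """Digest of the encoded bytes, standing in for what a signature covers."""
    return hashlib.sha256(der).hexdigest()

# Constructed sample extensions (not taken from any real certificate).
BASIC_CONSTRAINTS = extension("2.5.29.19", bytes.fromhex("30030101ff"))
KEY_USAGE = extension("2.5.29.15", bytes.fromhex("03020106"))

if __name__ == "__main__":
    for label, enc in (("SEQUENCE", as_sequence), ("SET OF", as_set_of)):
        a = enc([BASIC_CONSTRAINTS, KEY_USAGE])
        b = enc([KEY_USAGE, BASIC_CONSTRAINTS])
        print(f"{label:8} same bytes: {a == b}  same digest: {digest(a) == digest(b)}")
```

Both SEQUENCE orderings are valid DER for two different values, so a verifier has to hash the extension bytes exactly as received instead of re-encoding them.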