Re: [keyassure] Opening issue #21: "Need to specify which crypto

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 02 March 2011 21:36 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 237D13A68BB for <keyassure@core3.amsl.com>; Wed, 2 Mar 2011 13:36:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.614
X-Spam-Level:
X-Spam-Status: No, score=-102.614 tagged_above=-999 required=5 tests=[AWL=-0.015, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cSBgNZDhgJm2 for <keyassure@core3.amsl.com>; Wed, 2 Mar 2011 13:36:09 -0800 (PST)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [IPv6:2001:770:10:200:21b:21ff:fe3a:3d50]) by core3.amsl.com (Postfix) with ESMTP id BC0DC3A68A9 for <keyassure@ietf.org>; Wed, 2 Mar 2011 13:36:08 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 8AC8A3E40AB; Wed, 2 Mar 2011 21:37:13 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h=date :subject:from:x-mailer:message-id:content-type :content-transfer-encoding:mime-version:in-reply-to:references :received:received:x-virus-scanned; s=cs; t=1299101833; bh=SFrlp 3lhVX5Tq2ZslykU5F/8zu+ZWPyhPZQ/Ja3VAvc=; b=vdewKfbvxu9ulK+lNVwhN 4OiajkNMY0LxksbddATgb6LsxFEXnK0wm7A96e+6xTIalsC6qTDCiniu95kQL3iz 0RwQb8oGdILmcrvVmPMGXOVujzc13PFvtiUnBYhp3BBS/4pf85NktIaJOrF+t56j KoqvVd+9UltEx699Cc+ecPP6wx+kjC9X2ZOCutbxwaUMMAaaMmZvAOQ9s74E25NM jtaW/CYN4UfB4wBZ+UAS3/Ptd+EmnI3ARc4M4S/ECu7WCS41dvLeGRk05wtUWpw4 A6xi+ypLr6o4Tp3oGeQQymXOaYqU/Dgr6wzrTfvyvYqi7O64pQ1f0TUwq8K9OEWX A==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id 0eHfQhtqSqzU; Wed, 2 Mar 2011 21:37:13 +0000 (GMT)
Received: from [10.87.48.4] (dsl-102-234.cust.imagine.ie [87.232.102.234]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 9856F3E40A7; Wed, 2 Mar 2011 21:37:12 +0000 (GMT)
References: <AANLkTikHANKvT49P5RUwjxRt5oEMFxV5dYQLcCXixLSA@mail.gmail.com> <201103021724.p22HOttB009647@fs4113.wdf.sap.corp> <AANLkTimuo1fjW7QQffK5ah4_Bw0LUXoRzVaULbCmpzUU@mail.gmail.com>
In-Reply-To: <AANLkTimuo1fjW7QQffK5ah4_Bw0LUXoRzVaULbCmpzUU@mail.gmail.com>
Mime-Version: 1.0 (iPhone Mail 8C148)
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Message-Id: <4DD7F1F3-476F-4C2F-9DCD-6A6678045C69@cs.tcd.ie>
X-Mailer: iPhone Mail (8C148)
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 2 Mar 2011 21:37:09 +0000
To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: "keyassure@ietf.org" <keyassure@ietf.org>
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2011 21:36:11 -0000

On 2 Mar 2011, at 21:24, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> Which is why I am arguing it is time to withdraw SHA1 from service. It
> is only marginally more secure than MD5.

"Marginally"? Evidence please? I dont think exageration helps your case.

S


> 
> 
> 
> On Wed, Mar 2, 2011 at 12:24 PM, Martin Rex <mrex@sap.com> wrote:
>> Phillip Hallam-Baker wrote:
>>> 
>>> The use of MD2 in a self signed cert has little risk as far as use of
>>> the cert itself goes since it only serves as proof of possession which
>>> is only relevant when the browser provider chooses to install it in
>>> the browser.
>> 
>> In the universe where I live, there exist collision attacks against MD2.
>>  (check http://en.wikipedia.org/wiki/MD2_%28cryptography%29)
>> 
>> So an RSA-key for which a PKCS#1 encrypted MD2 signature has been
>> published is a real security problem and ought to have been discarded
>> long ago.
>> 
>> Else someone could try to use the preimage attack to issue himself
>> an intermediate CA cert under such a root cert, reusing the md2-based
>> signature on the RootCA cert.
>> 
>> I would REALLY like to kill md2withRsaEncryption as a digital
>> signature algorithm from our PKI implementation, like I did
>> with all of md4-based digital signature algorithms.
>> 
>> 
>> Getting rid of "tainted" RSA keys is also important.
>> 
>> Why do you think that FIPS 186-3 says that you are not allowed
>> to use an RSA keypair for both PKCS-v1.5 and PKCS-PSS signatures?
>> Because you "taint" your RSA key on the first time that you use it
>> for a weak scheme.
>> 
>> -Martin
>> 
> 
> 
> 
> -- 
> Website: http://hallambaker.com/
> _______________________________________________
> keyassure mailing list
> keyassure@ietf.org
> https://www.ietf.org/mailman/listinfo/keyassure