Re: [keyassure] Opening issue #21: "Need to specify which crypto
Phillip Hallam-Baker <hallam@gmail.com> Wed, 02 March 2011 21:23 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DBD083A6850 for <keyassure@core3.amsl.com>; Wed, 2 Mar 2011 13:23:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.571
X-Spam-Level:
X-Spam-Status: No, score=-3.571 tagged_above=-999 required=5 tests=[AWL=0.028, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nhwCsR+0VwBX for <keyassure@core3.amsl.com>; Wed, 2 Mar 2011 13:23:37 -0800 (PST)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id 506B33A6816 for <keyassure@ietf.org>; Wed, 2 Mar 2011 13:23:34 -0800 (PST)
Received: by bwz13 with SMTP id 13so680868bwz.31 for <keyassure@ietf.org>; Wed, 02 Mar 2011 13:24:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=eSYi5jinXVdrHG5Rg8+6z3+8KWTnxiJPFi0urM+06Bw=; b=LaEdo1KBjzEwY3SEkd+llbCHya+/WVtQuSnUBQ+c3qptfEEj4BFPosdPu89igfPSa9 6/I+DMvjomIrl6uJe14b007vFUqHkxzf8YEYAub7yhth2nnMZl/yuT0BARfBPae7wiUv oydSOKbclti1m3rWDyvcyarzWRdA6tTkcSQZo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=mqXf38Ugxw/d4IU3+xirVrysVIidfrMUUyH6tn+U+8tfmMaNmxMOIk5YX+PCaDF6Bg hDAD566I7nRwB7heKzswQWRbS2EG3jdjp8EAnW9FW8Dyfjp2ornWWjjTceAON9A+1+IO FVzt+8ZCOt/WVUJ14MP1O7c1GOQswGX10wL7s=
MIME-Version: 1.0
Received: by 10.204.52.136 with SMTP id i8mr566699bkg.74.1299101080044; Wed, 02 Mar 2011 13:24:40 -0800 (PST)
Received: by 10.204.14.139 with HTTP; Wed, 2 Mar 2011 13:24:40 -0800 (PST)
In-Reply-To: <201103021724.p22HOttB009647@fs4113.wdf.sap.corp>
References: <AANLkTikHANKvT49P5RUwjxRt5oEMFxV5dYQLcCXixLSA@mail.gmail.com> <201103021724.p22HOttB009647@fs4113.wdf.sap.corp>
Date: Wed, 02 Mar 2011 16:24:40 -0500
Message-ID: <AANLkTimuo1fjW7QQffK5ah4_Bw0LUXoRzVaULbCmpzUU@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: mrex@sap.com
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2011 21:23:39 -0000
I was aware of that attack. That is not a problem with the use of MD2 in a self-signed certificate. That is a problem of having used MD2. The problem there is that if you have a key that has been used to sign with MD2 it is going to be permanently tainted regardless of what place the cert is in the chain and regardless of what type of cert it is. The attacker can 'correct' for any defect wrt cert type, validity interval etc. There is only one effective defense against that attack and that is to withdraw the MD2 algorithm from service. You don't get any additional security from adding additional stronger algorithms to the support list. You only get additional security from withdrawing a weak algorithm from service. Which is why I am arguing it is time to withdraw SHA1 from service. It is only marginally more secure than MD5. On Wed, Mar 2, 2011 at 12:24 PM, Martin Rex <mrex@sap.com> wrote: > Phillip Hallam-Baker wrote: >> >> The use of MD2 in a self signed cert has little risk as far as use of >> the cert itself goes since it only serves as proof of possession which >> is only relevant when the browser provider chooses to install it in >> the browser. > > In the universe where I live, there exist collision attacks against MD2. > (check http://en.wikipedia.org/wiki/MD2_%28cryptography%29) > > So an RSA-key for which a PKCS#1 encrypted MD2 signature has been > published is a real security problem and ought to have been discarded > long ago. > > Else someone could try to use the preimage attack to issue himself > an intermediate CA cert under such a root cert, reusing the md2-based > signature on the RootCA cert. > > I would REALLY like to kill md2withRsaEncryption as a digital > signature algorithm from our PKI implementation, like I did > with all of md4-based digital signature algorithms. > > > Getting rid of "tainted" RSA keys is also important. > > Why do you think that FIPS 186-3 says that you are not allowed > to use an RSA keypair for both PKCS-v1.5 and PKCS-PSS signatures? > Because you "taint" your RSA key on the first time that you use it > for a weak scheme. > > -Martin > -- Website: http://hallambaker.com/
- [keyassure] Opening issue #21: "Need to specify w… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
- Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Scott Schmit
- Re: [keyassure] Opening issue #21: "Need to speci… Stephen Farrell
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Sean Turner
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- [keyassure] crypto hash alg deprecation is a myth Martin Rex
- Re: [keyassure] crypto hash alg deprecation is a … Rob Stradling
- Re: [keyassure] crypto hash alg deprecation is a … Phillip Hallam-Baker
- Re: [keyassure] crypto hash alg deprecation is a … Andrew Sullivan
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] crypto hash alg deprecation is a … Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
- Re: [keyassure] Opening issue #21: "Need to speci… Yoav Nir
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Andrew Sullivan
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Andrew Sullivan
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… bmanning
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Murray S. Kucherawy
- Re: [keyassure] Opening issue #21: "Need to speci… Murray S. Kucherawy
- Re: [keyassure] Opening issue #21: "Need to speci… Ben Laurie
- Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… George Barwood
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… Yoav Nir
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… bmanning
- Re: [keyassure] Opening issue #21: "Need to speci… Brian Smith
- Re: [keyassure] Opening issue #21: "Need to speci… Jakob Schlyter
- Re: [keyassure] Opening issue #21: "Need to speci… Ben Laurie
- Re: [keyassure] Opening issue #21: "Need to speci… Rob Stradling
- Re: [keyassure] Opening issue #21: "Need to speci… George Barwood
- Re: [keyassure] Opening issue #21: "Need to speci… Sean Turner
- Re: [keyassure] Opening issue #21: "Need to speci… Nicholas Weaver
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Martin Rex
- Re: [keyassure] Opening issue #21: "Need to speci… bmanning
- Re: [keyassure] Opening issue #21: "Need to speci… bmanning
- Re: [keyassure] Opening issue #21: "Need to speci… Yoav Nir
- Re: [keyassure] Opening issue #21: "Need to speci… Phillip Hallam-Baker
- Re: [keyassure] Opening issue #21: "Need to speci… Chris Palmer
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Peter Gutmann
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Paul Hoffman
- Re: [keyassure] Opening issue #21: "Need to speci… Warren Kumari
- Re: [keyassure] Opening issue #21: "Need to speci… Tony Hansen