Re: [keyassure] Opening issue #21: "Need to specify which crypto

Phillip Hallam-Baker <hallam@gmail.com> Wed, 02 March 2011 17:03 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C9C013A6774 for <keyassure@core3.amsl.com>; Wed, 2 Mar 2011 09:03:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.57
X-Spam-Level:
X-Spam-Status: No, score=-3.57 tagged_above=-999 required=5 tests=[AWL=0.029, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ngqeWKsZ-1et for <keyassure@core3.amsl.com>; Wed, 2 Mar 2011 09:03:52 -0800 (PST)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id 7864C3A6848 for <keyassure@ietf.org>; Wed, 2 Mar 2011 09:03:52 -0800 (PST)
Received: by bwz13 with SMTP id 13so403677bwz.31 for <keyassure@ietf.org>; Wed, 02 Mar 2011 09:04:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=oCGM7MyzhoQkJ7ub0s8ceb0uiD1kp/VMgUgXVpAOGy0=; b=bzhEtdMwr5nrAkPIyg/ehqx5tY3J7OUV8j0z629L4qVILEcgKzFt7Q1JYCeZMZFjhS STzf1fETrlt4OyZmUxT/X5YkNSRVi/xbe/GgdL5BKKvogvpkuQKiqzb3C9A8ZwWHEGGh 0f7xAh3WzzciC+rWWSWxWuVYu+IUy7rW/n/0I=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=mCiK46G0ztG5ucJfCLkzY3QvKFvs/gsJlXtczJbN1PPe+t++jucs4WwPEYfUQvmeHm 8Ohief/Kffro9MRkIIrDoLtoLkrPlQI7+NFmwFF/EvciCMlntZDXg4Zd6WSAvU/j+hPX Q+mwiMvO9GKUsMgFEJsU5+J9ltqKLqOuuP6Gg=
MIME-Version: 1.0
Received: by 10.204.73.160 with SMTP id q32mr226644bkj.155.1299085496782; Wed, 02 Mar 2011 09:04:56 -0800 (PST)
Received: by 10.204.14.139 with HTTP; Wed, 2 Mar 2011 09:04:56 -0800 (PST)
In-Reply-To: <201103021529.p22FTFOu002845@fs4113.wdf.sap.corp>
References: <201103020150.p221owI6017784@fs4113.wdf.sap.corp> <201103021529.p22FTFOu002845@fs4113.wdf.sap.corp>
Date: Wed, 2 Mar 2011 12:04:56 -0500
Message-ID: <AANLkTikHANKvT49P5RUwjxRt5oEMFxV5dYQLcCXixLSA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: mrex@sap.com
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2011 17:03:53 -0000

The use of MD2 in a self signed cert has little risk as far as use of
the cert itself goes since it only serves as proof of possession which
is only relevant when the browser provider chooses to install it in
the browser.

Under windows the cert is actually authenticated under the CTL
structure which uses SHA1 at the least.


There are certainly issues with MD2, but that is not one of them.


Argument by analogy is a really bad way to conduct a security review.
We are not at all happy with the situation with respect to digets
algorithms. Moving away from SHA1 is going to be a huge problem for
the industry.

If anyone here thinks that DANE is going to be allowed to add to that
problem, well they need learning otherwise.


Choice of the crypto alg is meant to be the easy part of the problem.


On Wed, Mar 2, 2011 at 10:29 AM, Martin Rex <mrex@sap.com> wrote:
> Martin Rex wrote:
>>
>> And there are still a number of TrustAnchors in every Browser that
>> carry an md5WithRsaEncryption signature.
>>
>> But it's actually worse than that -- VeriSign still has a CA cert
>> in service with an md2WithRsaEncryption -- and is still using it
>> productively (check https://www.hp.com/).
>
> I'm terribly sorry, I mixed up the (by now long) list of VeriSign
> RootCA certs.
>
> The RootCA cert under which the server cert for https://www.hp.com
> is "VeriSign Class 3 Public Primary Certification Authority - G2"
> and uses sha1WithRsaEncryption.  But it still is an X.509v1 cert.
>
> My Firefox 3.5.13 comes with these three VeriSign RooCA certs
> that are X.509v1, use md2WithRsaSignature and valid until 02-Aug-2028:
>
>   "VeriSign Class 1 Public Primary Certification Authority"
>   "VeriSign Class 2 Public Primary Certification Authority"
>   "VeriSign Class 3 Public Primary Certification Authority"
>
>
> -Martin
>



-- 
Website: http://hallambaker.com/