Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate

Eric Rescorla <ekr@networkresonance.com> Wed, 31 December 2008 14:49 UTC

Date: Wed, 31 Dec 2008 07:05:05 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: pgut001@cs.auckland.ac.nz
In-Reply-To: <E1LHplH-0006Xw-V6@wintermute01.cs.auckland.ac.nz>
References: <08bb01c96ac7$1cd5a750$5680f5f0$@com> <E1LHplH-0006Xw-V6@wintermute01.cs.auckland.ac.nz>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20081231150505.BFE4650822@romeo.rtfm.com>
Cc: cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, pmhesse@geminisecurity.com, ietf-pkix@imc.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate

At Wed, 31 Dec 2008 14:20:39 +1300,
Peter Gutmann wrote:
> 
> "Peter Hesse" <pmhesse@geminisecurity.com> writes:
> 
> >Ceasing the issuance of certificates with MD5 used in the signature doesn't
> >solve the problem of the certificates that have already been issued and are
> >still out there, any number of which may be rogue.
> >
> >Replacing, or marking as untrusted all root certificates which have any
> >current valid (i.e. non-expired, non-revoked) certificates with MD5 used in
> >the signature could have tremendous undesirable impact and be an untenable
> >solution.
> 
> I hate to be the one to point to the elephant in the room (well OK, I don't
> hate it, it's rather fun actually) but you need to keep this in perspective:
> one in ten AuthentiCode-signed Windows binaries is malware, and cybercrooks
> have no problems at all obtaining certs from commercial CAs using stolen
> identities and credentials for pretty much any use they want.  The current MD5
> attack is very cool but there's no need to worry about bad guys doing much
> with it because it's much, much easier to get legitimate CA-issued certs the
> normal way, you buy them just like everyone else does (except that you use
> someone else's credit card and identity, obviously).
> 
> In other words, if this problem is fixed, would anyone other than security
> geeks even notice?  I doubt the crooks will.

Well, if we're going to be pointing to the obvious, then code signing actually
seems kind of off-point as well. > 50% of IE users are not running up-to-date
copies of their browser.[0] In many cases this means that the browsers have
remote exploits. Why worry about AuthentiCode?

-Ekr


[0] http://www.techzoom.net/publications/insecurity-iceberg/index.en