Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

"Tim Moses" <tim.moses@entrust.com> Mon, 05 January 2009 06:54 UTC

Date: Wed, 31 Dec 2008 10:36:56 -0500
From: Tim Moses <tim.moses@entrust.com>
To: "Timothy J. Miller" <tmiller@mitre.org>
Cc: ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

Colleagues - It has been confirmed that no EV issuer is signing certificates with MD5.  Also, EV certificates cannot be issued by an automated process, putting another obstacle in the path of an attacker.  All the best.  Tim.

Tim Moses
+1 613 270 3183

-----Original Message-----
From: owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Timothy J. Miller
Sent: Wednesday, December 31, 2008 10:18 AM
To: Santosh Chokhani
Cc: ietf-pkix@imc.org; ietf-smime@imc.org; cfrg@irtf.org; saag@ietf.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

Santosh Chokhani wrote:
> One would think we want to start using SHA-1 or even SHA256 (assuming 
> client vendors implement SHA256 ASAP) and ask the CAs emanating from 
> commercial roots to perform responsible I&A before issuing certificates.

Speaking of I&A, I found it interesting to note that the CA/Browser forum guidelines for EV certs allow (but recommend against) MD5 until 2010.

The spot check of EV issuers I did yesterday didn't turn up anyone actually using MD5, but I didn't have all of 'em available.

-- Tim

