Re: [saag] Further MD5 breaks: Creating a rogue CA certificate

"Santosh Chokhani" <SChokhani@cygnacom.com> Tue, 30 December 2008 23:26 UTC

From: Santosh Chokhani <SChokhani@cygnacom.com>
To: RL 'Bob' Morgan <rlmorgan@washington.edu>, Paul Hoffman <paul.hoffman@vpnc.org>
Cc: ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org

As mentioned, self-signed roots have their own problems and hash is not
one of them.  They need other means to protect since signatures on them
are useless.

-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of RL 'Bob' Morgan
Sent: Tuesday, December 30, 2008 4:18 PM
To: Paul Hoffman
Cc: ietf-pkix@imc.org; ietf-smime@imc.org; saag@ietf.org; cfrg@irtf.org
Subject: Re: [saag] Further MD5 breaks: Creating a rogue CA certificate



> Regardless of that, the authors of the MD5 paper are correct: trust 
> anchors signed with MD5 are highly questionable as of today (well, 
> actually, since they published their last paper). Hopefully, the 
> maintainers of the popular trust anchor repositories (Microsoft, 
> Mozilla, etc.) will yank out the trust anchors signed with MD5 (and 
> MD2!) as soon as possible.

This is a different claim than "CAs should stop issuing certs with MD5
signatures", which is what I as an amateur take away from a quick scan of
the material.  Obviously MD5 is suspect in various ways, but does this new
work lead to the conclusion that MD5-signed roots are untrustworthy today?
Replacing a root is a much bigger deal than changing signing practices.

  - RL "Bob"
