Re: [saag] Further MD5 breaks: Creating a rogue CA certificate

"Santosh Chokhani" <SChokhani@cygnacom.com> Wed, 31 December 2008 16:04 UTC

To: cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org

Mini CRLs are not a standard.

That said, using an implementers' agreement (based on whether the high-order
or low-order bits are the true serial number), one bit per certificate can be
assigned and the random prefix or appendage to the serial number
ignored.

-----Original Message-----
From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]
On Behalf Of Timothy J. Miller
Sent: Wednesday, December 31, 2008 9:43 AM
To: Russ Housley
Cc: Eric Rescorla; cfrg@irtf.org; ietf-smime@imc.org; saag@ietf.org;
ietf-pkix@imc.org
Subject: Re: Further MD5 breaks: Creating a rogue CA certificate

Russ Housley wrote:
> 
>> I'm not sure I understand the issue here, but
>> they don't actually have to be totally randomized. You could use a
>> PRF so they were predictable to the CA.
> 
> That works.  This works too: the serial number could be composed of 
> two parts, where the most significant bits are a counter and the 
> least significant bits are randomly generated.

How would Corestreet's miniCRL format fare under this?

-- Tim
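
An added illustration of the scheme discussed in this thread, not code from any poster and not CoreStreet's miniCRL wire format: the serial number carries a counter in the most significant bits and a PRF output in the least significant bits, and a one-bit-per-certificate status list indexes on the counter alone. The 64-bit split, HMAC-SHA256 as the PRF, the demo secret and all function and class names are assumptions made for the example.

```python
import hashlib
import hmac

RAND_BITS = 64                           # assumed width of the unpredictable low-order part
DEMO_SECRET = b"constructed-demo-secret"  # constructed value, stands in for a CA-held key


def make_serial(counter: int, ca_secret: bytes) -> int:
    """Counter in the most significant bits, PRF output in the least significant."""
    if not 1 <= counter < 2**64:
        raise ValueError("counter must be in 1..2^64-1 so the serial is positive")
    prf = hmac.new(ca_secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return (counter << RAND_BITS) | int.from_bytes(prf[: RAND_BITS // 8], "big")


def true_serial(serial: int) -> int:
    """Per the agreement, relying parties ignore the low-order random part."""
    return serial >> RAND_BITS


def ca_recognizes(serial: int, ca_secret: bytes) -> bool:
    """Only the key holder can recompute the PRF part, so the CA can predict it."""
    counter = true_serial(serial)
    return 1 <= counter < 2**64 and make_serial(counter, ca_secret) == serial


class BitmapCRL:
    """Simplified one-bit-per-certificate status list keyed on the true serial."""

    def __init__(self, issued: int):
        self.issued = issued
        self.bits = bytearray((issued + 7) // 8)

    def _index(self, serial: int) -> int:
        i = true_serial(serial) - 1      # counter 1 maps to bit 0
        if not 0 <= i < self.issued:
            raise ValueError("serial outside the issued range")
        return i

    def revoke(self, serial: int) -> None:
        i = self._index(serial)
        self.bits[i // 8] |= 0x80 >> (i % 8)

    def is_revoked(self, serial: int) -> bool:
        i = self._index(serial)
        return bool(self.bits[i // 8] & (0x80 >> (i % 8)))
```

The status list stays dense (two bytes for ten certificates here) because its index never depends on the 64 random bits.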
