IETF Logo Mail Archive

Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

"Santosh Chokhani" <SChokhani@cygnacom.com> Thu, 01 January 2009 19:48 UTC

Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C75C828C16C; Thu, 1 Jan 2009 11:48:55 -0800 (PST)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1668628C16C for <saag@core3.amsl.com>; Thu, 1 Jan 2009 11:48:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.438
X-Spam-Level:
X-Spam-Status: No, score=-1.438 tagged_above=-999 required=5 tests=[AWL=0.031, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tYxSsRYBDQ+v for <saag@core3.amsl.com>; Thu, 1 Jan 2009 11:48:53 -0800 (PST)
Received: from scygmxsecs1.cygnacom.com (scygmxsecs1.cygnacom.com [65.242.48.253]) by core3.amsl.com (Postfix) with SMTP id E927028C169 for <saag@ietf.org>; Thu, 1 Jan 2009 11:48:52 -0800 (PST)
Received: (qmail 12536 invoked from network); 1 Jan 2009 19:49:03 -0000
Received: from SChokhani@cygnacom.com by scygmxsecs1.cygnacom.com with EntrustECS-Server-7.4; 01 Jan 2009 19:49:03 -0000
Received: from unknown (HELO scygexch1.cygnacom.com) (10.60.50.8) by scygmxsecs1.cygnacom.com with SMTP; 1 Jan 2009 19:49:03 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Thu, 01 Jan 2009 14:48:40 -0500
Message-ID: <FAD1CF17F2A45B43ADE04E140BA83D489365F2@scygexch1.cygnacom.com>
In-Reply-To: <495D1C0A.2080105@links.org>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
Thread-Index: AclsSLgggyxnPlLcRtiDUadx0CecswAANOjQ
References: <495BA5E9.8040305@pobox.com> <E1LILYj-00066V-WE@wintermute01.cs.auckland.ac.nz> <1b587cab0901010706j6e8cd2f8pf23345660a4825a5@mail.gmail.com><p06240824c582ab4501d1@[10.20.30.158]> <495D0100.6000200@links.org> <FAD1CF17F2A45B43ADE04E140BA83D489365F1@scygexch1.cygnacom.com> <495D1C0A.2080105@links.org>
From: Santosh Chokhani <SChokhani@cygnacom.com>
To: Ben Laurie <ben@links.org>
Cc: cfrg@irtf.org, ietf-smime@imc.org, saag@ietf.org, ietf-pkix@imc.org, mike-list@pobox.com
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org

I do not think canonical means only one way to represent.

Extensions have always been a SEQUENCE with their OID denoting what
extension is next and their syntax.

Actually, we find SET in the case of RDN problematic.

-----Original Message-----
From: Ben Laurie [mailto:ben@links.org] 
Sent: Thursday, January 01, 2009 2:40 PM
To: Santosh Chokhani
Cc: Paul Hoffman; cfrg@irtf.org; ietf-smime@imc.org; saag@ietf.org;
ietf-pkix@imc.org; mike-list@pobox.com
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue
CAcertificate

Santosh Chokhani wrote:
> We must fix X.509 since it is not broken.

I am not suggesting that we should fix X.509, I am pointing out, in my
own roundabout way, that X.509 certs are supposed to have a canonical
form. But it seems they do not.

Makes me wonder why we go to all the effort of using a supposedly
canonical encoding that isn't? If we can only rely on the original bits
in the cert when checking the signature, why bother?

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email