Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

"Santosh Chokhani" <SChokhani@cygnacom.com> Thu, 01 January 2009 19:30 UTC

Date: Thu, 01 Jan 2009 14:29:46 -0500
Message-ID: <FAD1CF17F2A45B43ADE04E140BA83D489365F1@scygexch1.cygnacom.com>
In-Reply-To: <495D0100.6000200@links.org>
From: Santosh Chokhani <SChokhani@cygnacom.com>
To: Ben Laurie <ben@links.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Cc: mike-list@pobox.com, ietf-pkix@imc.org, ietf-smime@imc.org, cfrg@irtf.org, saag@ietf.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

We must fix X.509 since it is not broken.

We must preserve MD5 since it is weak.

We must provide economic and political support to client side vendors
who refuse to implement SHA-256.  We must treat them with kid gloves and
work around them.

The world economy is in the tank.

People want to shoot each other.

I see a pattern here that is not very random.

-----Original Message-----
From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On Behalf Of
Ben Laurie
Sent: Thursday, January 01, 2009 12:45 PM
To: Paul Hoffman
Cc: cfrg@irtf.org; ietf-smime@imc.org; saag@ietf.org; ietf-pkix@imc.org;
mike-list@pobox.com
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue
CAcertificate

Paul Hoffman wrote:
> At 3:06 PM +0000 1/1/09, Ben Laurie wrote:
>> Surely the whole point of DER is that there's only one correct way to
>> encode any particular certificate?
> 
> Not so "surely". The SEQUENCE for extensions does not say what order
> they should be in.

That doesn't change the _point_ of DER. If extensions should have been
specified as a SET but are defined as a SEQUENCE, then they are broken
(technically).

>> So, either extensions must be sorted, or changing their order changes
>> their meaning. Either way, nothing can be reordered.
> 
> Wrong on both counts. Each extension has stand-alone semantics, and
> they can be in any order.

My point was about the correct use of DER. It seems extensions use it
incorrectly.

> However, this is irrelevant for the MD5 break discussion, as is
> clearly shown in the paper.

I am discussing the correct use of DER :-)

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag
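Added example, not part of the thread: a minimal DER encoder in Python showing the distinction the quoted exchange turns on. A SEQUENCE OF keeps whatever element order the encoder supplies, so two orderings of the same extension identifiers are two distinct valid DER encodings with distinct hashes, while a DER SET OF has exactly one canonical encoding because X.690 fixes the element order. The OIDs are the standard X.509 identifiers for keyUsage (2.5.29.15) and basicConstraints (2.5.29.19); the function names are assumptions of this example.

```python
import hashlib

def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_oid(oid: str) -> bytes:
    """Encode a dotted OID string as a DER OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, low group first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))  # emit high groups first
    return b"\x06" + der_length(len(body)) + bytes(body)

def der_sequence_of(elements: list) -> bytes:
    """SEQUENCE OF (tag 0x30): element order is whatever the caller supplies,
    so [a, b] and [b, a] are both valid DER and encode to different octets."""
    body = b"".join(elements)
    return b"\x30" + der_length(len(body)) + body

def der_set_of(elements: list) -> bytes:
    """SET OF (tag 0x31): DER (X.690 11.6) requires the elements sorted by
    their encoded octets, shorter encodings zero-padded at the end for the
    comparison, so every input order yields the same octets."""
    width = max(len(e) for e in elements)
    ordered = sorted(elements, key=lambda e: e + b"\x00" * (width - len(e)))
    body = b"".join(ordered)
    return b"\x31" + der_length(len(body)) + body

# Constructed stand-ins for two extensions (identifiers only, no values).
KEY_USAGE = der_oid("2.5.29.15")
BASIC_CONSTRAINTS = der_oid("2.5.29.19")

def encodings_differ(ctor, a: bytes, b: bytes) -> bool:
    """True if ctor([a, b]) and ctor([b, a]) produce different octet strings."""
    return ctor([a, b]) != ctor([b, a])

def sha256_hex(data: bytes) -> str:
    """Digest of an encoding; distinct octets give distinct digests."""
    return hashlib.sha256(data).hexdigest()
```

Run `encodings_differ(der_sequence_of, KEY_USAGE, BASIC_CONSTRAINTS)` and the same with `der_set_of` to see the two results: True for SEQUENCE OF, False for SET OF.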