Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

"Santosh Chokhani" <SChokhani@cygnacom.com> Wed, 31 December 2008 18:50 UTC

Date: Wed, 31 Dec 2008 13:50:13 -0500
From: Santosh Chokhani <SChokhani@cygnacom.com>
To: "Timothy J. Miller" <tmiller@mitre.org>
Cc: ietf-pkix@imc.org, Dr Stephen Henson <lists@drh-consultancy.demon.co.uk>, cfrg@irtf.org, saag@ietf.org, ietf-smime@imc.org
Subject: Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

These things need to be thought through.

If all the CAs did this, it might work.  But, what if the client side
was looking for junk in the certificate as evidence of collision?

Also, the client will not enforce this.

So, if you are relying on CAs, why not ask them to switch to SHA-1 as
opposed to adding more software to the CA?  SHA-1 is purely a
configuration item for the CA deployments.

I just find that all three mail lists are getting worn out and the real
message and analysis is getting lost.

For example, folks are still posting misinformation that self-signed
roots have a hash problem.  Signatures on self-signed roots are
gratuitous from a security viewpoint.  So, we do not want to cry wolf and
undertake replacing roots, which will be a humongous waste of time and
money.  Signatures, and hence the hash used to sign these, do not matter.

-----Original Message-----
From: Timothy J. Miller [mailto:tmiller@mitre.org] 
Sent: Wednesday, December 31, 2008 1:35 PM
To: Santosh Chokhani
Cc: Dr Stephen Henson; ietf-pkix@imc.org; ietf-smime@imc.org;
cfrg@irtf.org; saag@ietf.org
Subject: Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue
CAcertificate

Santosh Chokhani wrote:
> I am a bit concerned about random goo when random goo is one of the
> things the attacker uses to cause collision.  This may limit human or
> machine's ability to discern mischief.

I don't see how, if the random goo is added by the CA.  It defeats 
chosen prefix attacks as a class.

-- Tim
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag
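The thread argues over two things a relying party could look at: which hash the CA signed with, and whether the CA put unpredictable data (the "random goo") in the serial number ahead of the subject-controlled fields. The check below is an added example, not code from any participant; the certificate stubs are constructed and truncated right after the signature AlgorithmIdentifier, and the 64-bit serial threshold is this example's own choice.

```python
"""Inspect the leading TBSCertificate fields: signature OID and serial-number size."""

MD5_WITH_RSA = "1.2.840.113549.1.1.4"    # md5WithRSAEncryption
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"   # sha1WithRSAEncryption
MIN_SERIAL_BITS = 64                     # threshold chosen for this example (assumption)

def _tlv(buf, pos):
    """Read one DER TLV at pos -> (tag, contents, position after the TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long-form length: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(contents):
    """Decode OBJECT IDENTIFIER contents (base-128 arcs) to dotted form."""
    arcs, acc = [contents[0] // 40, contents[0] % 40], 0
    for b in contents[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def inspect_certificate(cert_der):
    """Return the signature OID and serial size taken from the start of tbsCertificate."""
    _, cert, _ = _tlv(cert_der, 0)                      # Certificate ::= SEQUENCE
    _, tbs, _ = _tlv(cert, 0)                           # tbsCertificate ::= SEQUENCE
    tag, contents, pos = _tlv(tbs, 0)
    if tag == 0xA0:                                     # optional [0] EXPLICIT version
        tag, contents, pos = _tlv(tbs, pos)
    serial = contents.lstrip(b"\x00")                   # drop DER sign-padding byte
    _, alg_id, _ = _tlv(tbs, pos)                       # signature AlgorithmIdentifier
    _, oid, _ = _tlv(alg_id, 0)
    sig_oid = _decode_oid(oid)
    return {"sig_oid": sig_oid, "md5_signed": sig_oid == MD5_WITH_RSA,
            "serial_bits": len(serial) * 8, "serial_hex": serial.hex()}

def is_suspect(report):
    """Flag MD5 signatures, or serials too short to carry CA-added unpredictability."""
    return report["md5_signed"] or report["serial_bits"] < MIN_SERIAL_BITS

# --- constructed test data: truncated certificate stubs, not real CA output ---
def _der(tag, body):
    return bytes([tag, len(body)]) + body               # short-form length (body < 128 bytes)

def build_stub(serial_contents, sig_oid_hex):
    version = _der(0xA0, _der(0x02, b"\x02"))           # [0] EXPLICIT INTEGER 2 (v3)
    alg_id = _der(0x30, _der(0x06, bytes.fromhex(sig_oid_hex)) + _der(0x05, b""))
    return _der(0x30, _der(0x30, version + _der(0x02, serial_contents) + alg_id))

# MD5-signed with a sequential 16-bit serial: a fully predictable prefix.
WEAK_CERT = build_stub(b"\x01\x02", "2a864886f70d010104")
# SHA-1-signed with a 128-bit CA-chosen serial (0x00 pad keeps the INTEGER positive).
RANDOMIZED_CERT = build_stub(b"\x00" + bytes.fromhex("9f4e2c7d1b0a5e6f8c3d2a1b4e5f6a7b"),
                             "2a864886f70d010105")
```

On a full DER certificate the same parser works unchanged, since it only reads the fields preceding issuer and validity.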