[secdir] Null Prefix attack

Stefan Santesson <stefan@aaa-sec.com> Tue, 10 November 2009 03:39 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9732A3A685B for <secdir@core3.amsl.com>; Mon, 9 Nov 2009 19:39:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.162
X-Spam-Level:
X-Spam-Status: No, score=-1.162 tagged_above=-999 required=5 tests=[AWL=-0.772, BAYES_20=-0.74, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pK13wC38ao6p for <secdir@core3.amsl.com>; Mon, 9 Nov 2009 19:39:57 -0800 (PST)
Received: from s87.loopia.se (s87.loopia.se [194.9.94.111]) by core3.amsl.com (Postfix) with ESMTP id 7BB3E3A6824 for <secdir@ietf.org>; Mon, 9 Nov 2009 19:39:56 -0800 (PST)
Received: from s29.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 5F4B729C612 for <secdir@ietf.org>; Tue, 10 Nov 2009 04:40:04 +0100 (CET)
Received: (qmail 89078 invoked from network); 10 Nov 2009 03:40:03 -0000
Received: from host-19-9.meeting.ietf.org (HELO [133.93.19.9]) (stefan@fiddler.nu@[133.93.19.9]) (envelope-sender <stefan@aaa-sec.com>) by s29.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <secdir@ietf.org>; 10 Nov 2009 03:40:03 -0000
User-Agent: Microsoft-Entourage/12.20.0.090605
Date: Tue, 10 Nov 2009 12:39:57 +0900
From: Stefan Santesson <stefan@aaa-sec.com>
To: secdir@ietf.org
Message-ID: <C71F0F9D.60DF%stefan@aaa-sec.com>
Thread-Topic: Null Prefix attack
Thread-Index: Acpht3j5dYMFmcJzXEaLaISDJJBFDw==
In-Reply-To: <alpine.BSF.2.00.0908061721440.17573@fledge.watson.org>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Subject: [secdir] Null Prefix attack
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2009 03:39:58 -0000

Referring to the discussion at the Secdir lunch today.

Here is a link to the document describing the attack:
http://thoughtcrime.org/papers/null-prefix-attacks.pdf

Article on the subject:
http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_publis
hed/

/Stefan