Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Leif Johansson <leifj@mnt.se> Thu, 02 January 2014 21:00 UTC


> On 2 Jan 2014, at 21:25, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> 
>> On Thu, Jan 2, 2014 at 1:57 PM, Jacob Appelbaum <jacob@appelbaum.net> wrote:
>> Paul Hoffman:
>> > On Jan 1, 2014, at 10:22 AM, Jacob Appelbaum <jacob@appelbaum.net>
>> > wrote:
>> >
>> >> I do control the private key for the aforementioned intermediate
>> >> certificate[0] authority. :)
>> >
>> > No, you really do not.
>  
>> Unless one explicitly distrusts (all) MD5 signed certificates, pre-loads
>> our certificate to mark it as untrusted, or a few other things relating
>> to time constraints - it will probably still work for MITM attacks. Many
>> applications fail to do proper constraint checking.
> 
> Anyone who trusts MD5 for signing any form of keying material is vulnerable to this type of attack. It does not matter whether there is a CA involved or not or the number of sub CAs. A variation of the attack could be performed on PGP or DNSSEC.
> 
> The fix here is to disable MD5 completely in the browser or for CAs to not use MD5 in any certificate. The industry has chosen to do the second since we can't actually recall legacy browsers. However, Microsoft's recent decision to end of life SHA-1 will have the effect of rendering most of the legacy browsers unusable in any case.
> 
> 
> 
>> > Please don't overstate the results of
>> > the excellent research that you did; doing so diminishes the
>> > research.
>> 
>> I'm not overstating anything. I think you don't understand what we
>> actually did if you think that later, patching things will somehow
>> magically stop previously successful attacks...
> 
> 
> You are confusing people by using a valid attack against the algorithm to argue against the trust model. PKIX is designed on the assumption that the digest algorithm chosen is secure against a second preimage attack.

The fundamental flaw in the PKIX trust model is that there is no deployable mechanism for limiting the impact of such an attack.

That realization should inform future design and that bit is certainly on topic ;-)


> 
> We have a lot of security issues to deal with right now and we want to make sure we are paying attention to the ones that matter most. This is really not helping.
> 
> -- 
> Website: http://hallambaker.com/
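
Added example, not part of the thread or of any participant's code: the "explicitly distrust all MD5-signed certificates" check discussed above, written as a chain audit that reads each certificate's outer signatureAlgorithm OID and reports retired digests. The names `audit_chain`, `REJECT` and `fake_cert` are chosen here, the chain is assumed to be leaf first with the trust anchor excluded, and the certificates are constructed DER skeletons rather than real ones.

```python
# Policy table chosen for this example; OIDs are the PKCS #1 RSA signature OIDs.
REJECT = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
          "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # first octet packs the first two arcs (single-octet case)
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(cert_der):  # OID of the outer Certificate.signatureAlgorithm
    tag, cert, _ = read_tlv(cert_der, 0)
    _, _, pos = read_tlv(cert, 0)            # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)    # AlgorithmIdentifier SEQUENCE
    oid_tag, oid, _ = read_tlv(alg, 0)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06) or not oid:
        raise ValueError("not an X.509 Certificate structure")
    return decode_oid(oid)

def audit_chain(chain):  # chain: DER certs, leaf first, trust anchor excluded
    oids = ((i, signature_oid(der)) for i, der in enumerate(chain))
    return [(i, REJECT[oid]) for i, oid in oids if oid in REJECT]

# Constructed sample input: DER skeletons with no real names, keys or signatures.
def tlv(tag, body):  # minimal encoder, enough for values under 256 bytes
    n = len(body)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])
    return bytes([tag]) + head + body

def fake_cert(alg_oid_hex):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(alg_oid_hex)) + b"\x05\x00")
    return tlv(0x30, tlv(0x30, b"\x02\x01\x01") + alg + tlv(0x03, bytes(129)))
LEAF = fake_cert("2a864886f70d01010b")          # sha256WithRSAEncryption
INTERMEDIATE = fake_cert("2a864886f70d010104")  # md5WithRSAEncryption
```

`audit_chain([LEAF, INTERMEDIATE])` reports the intermediate, which is the point made in the thread: a clean leaf says nothing about the digest used higher in the chain, so the policy has to be applied to every non-anchor certificate.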