Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Santosh Chokhani <> Thu, 02 January 2014 22:09 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 53D871ACC88 for <>; Thu, 2 Jan 2014 14:09:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.438
X-Spam-Status: No, score=-2.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id S2BSa-4ifsS5 for <>; Thu, 2 Jan 2014 14:09:17 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id D4D6C1AC85E for <>; Thu, 2 Jan 2014 14:09:16 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.95,593,1384318800"; d="scan'208,217";a="1599364"
Received: from unknown (HELO ([]) by with ESMTP; 02 Jan 2014 17:09:10 -0500
Received: from ([::1]) by ([fe80::d8df:b0bd:28be:ad62%15]) with mapi id 14.02.0247.003; Thu, 2 Jan 2014 17:09:09 -0500
From: Santosh Chokhani <>
To: Phillip Hallam-Baker <>, Leif Johansson <>
Thread-Topic: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
Thread-Index: AQHPCAXa/8Ioig5tGU25kjFTCjkYTJpx/hOA
Date: Thu, 2 Jan 2014 22:09:08 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4262AC0DB9856847A2D00EF817E8113910E532scygexch10cygnaco_"
MIME-Version: 1.0
Cc: "" <>, Paul Hoffman <>, Jacob Appelbaum <>
Subject: Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Jan 2014 22:09:19 -0000

LTANS WG had produced an RFC (RFC 5698) to protect the relying parties from weak algorithms.

If that RFC is implemented on the certificate consuming side, these attacks will be thwarted.

From: therightkey [] On Behalf Of Phillip Hallam-Baker
Sent: Thursday, January 02, 2014 4:58 PM
To: Leif Johansson
Cc:; Paul Hoffman; Jacob Appelbaum
Subject: Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

On Thu, Jan 2, 2014 at 4:00 PM, Leif Johansson <<>> wrote:

2 jan 2014 kl. 21:25 skrev Phillip Hallam-Baker <<>>:
> Please don't overstate the results of
> the excellent research that you did; doing so diminishes the
> research.
I'm not overstating anything. I think you don't understand what we
actually did if you think that later, patching things will somehow
magically stop previously successful attacks...

You are confusing people by using a valid attack against the algorithm to argue against the trust model. PKIX is designed on the assumption that the digest algorithm chosen is secure against a second preimage attack.

The fundamental flaw in the pkix trust model is that there is no deployable mechanism for limiting the impact of such an attack.

That realization should inform future design and that bit is certainly on topic ;-)

It is on topic but not limited to PKIX.

We have since learned that algorithm agility is not quite the security benefit we once thought as the security of the system is determined by the weakest algorithm you support, not the strongest one you implement.

Problem is that I can't see a way to really control this type of attack without a very considerable cost in usability and I think it would constrain other defenses.

Anyone using Windows XP in the Enterprise for any purpose other than finding viruses is guilty of security malpractice at this point. It is an obsolete OS that would have been at EOL if lazy sysadmins hadn't begged to keep it.

My current solution in my email project is to attempt to require SHA512 for all certificates. But I am not sure that is actually sustainable.