Hi all,
Since the adoption call was made for draft-kukec-csi-hash-threat-01
which is not available in repositories (new version (-02) has been
submitted), below is the quick summary of changes between version -01
and -02.
--
The following sections has been changed:
- Section 1. Introduction: The text about two new references has been
introduced, related to sha1 collisions (paper "Finding Collisions in the
Full SHA-1", CRYPTO 2005) and collisions in X.509 certificates (paper
"Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for
Different Identities", EUROCRYPT 2007: 1-22).
- Section 3.2. Attacks against PKIX certificates in ADD process: The
text about threats caused by the X.509 colliding certificates with the
same identity and signature, but different public key has been introduced.
- Section 4.1 Hash algorithm option: The structure of the hash algorithm
option has been changed (each field is 8-bit sized, reserved field is
moved to after relevant fields (HA-KH, HA-DS, DS)).
- Section 6. IANA Considerations: The numeric values for HA-KH, HA-DS
and DS fields have been changed to TBD. The hash algorithm option has
been changed to TBA.
- Section 7. References: New references added, related to sha1
collisions (paper "Finding Collisions in the Full SHA-1", CRYPTO 2005)
and collisions in X.509 certificates (paper "Chosen-Prefix Collisions
for MD5 and Colliding X.509 Certificates for Different Identities",
EUROCRYPT 2007: 1-22).
--
Sorry for the confusion,
Ana
_______________________________________________
CGA-EXT mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cga-ext
