On Tue, Feb 23, 2016 at 1:47 PM, Andrew Ayer <a...@andrewayer.name> wrote:
> On Tue, 23 Feb 2016 13:12:27 -0800
> Yuhong Bao <yuhongbao_...@hotmail.com> wrote:
>
> > If OneCRL always used the same hash algorithm as the certificate,
> > then any colliding certificate would also be treated as revoked.
>
> OneCRL would need to use the hash of the TBS, not the certificate. The
> TBS is what's collided, but once the signature is added, the hashes are
> not identical anymore (unless the length of the TBS happens to be a
> multiple of the SHA-1 block size).

Unfortunately, given the latency of deploying code to Firefox, it won't be possible to make any changes to OneCRL in this case. However, OneCRL is based on issuer and serial number, so forged certificates will not be able to use the serial number in a chosen-prefix attack.

> Andrew
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
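The distinction Andrew draws between hashing the TBS and hashing the whole certificate, as an added example that is not part of the thread: a minimal DER splitter that pulls tbsCertificate out of a Certificate, hashes both, and reports whether the TBS ends on a SHA-1 block boundary. The sample certificate is constructed dummy content, not a real certificate, and no collision is produced.

```python
import hashlib

def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (definite length, short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read_tlv(buf: bytes, pos: int):
    """Return (tag, header_length, body_length) of the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, 2, first
    nbytes = first & 0x7F
    return tag, 2 + nbytes, int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")

def extract_tbs(cert_der: bytes) -> bytes:
    """Return the DER bytes of tbsCertificate, the first element of Certificate."""
    tag, hlen, _ = read_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    tag, h2, b2 = read_tlv(cert_der, hlen)
    assert tag == 0x30, "tbsCertificate must be a SEQUENCE"
    return cert_der[hlen:hlen + h2 + b2]

def hash_report(cert_der: bytes) -> dict:
    """SHA-1 of the TBS alone, SHA-1 of the whole certificate, and block alignment.
    SHA-1 is Merkle-Damgard with 64-byte blocks: only when the TBS ends on a block
    boundary can a colliding pair of TBS values still collide after the identical
    algorithm-identifier and signature bytes are appended."""
    tbs = extract_tbs(cert_der)
    return {
        "tbs_sha1": hashlib.sha1(tbs).hexdigest(),
        "cert_sha1": hashlib.sha1(cert_der).hexdigest(),
        "tbs_len": len(tbs),
        "tbs_block_aligned": len(tbs) % 64 == 0,
    }

# Constructed sample (not a real certificate): a Certificate-shaped SEQUENCE whose
# TBS is dummy content sized to exactly 128 bytes, i.e. two SHA-1 blocks.
SAMPLE_TBS = der_tlv(0x30, b"\x02\x01\x01" + b"A" * 123)
SAMPLE_ALG = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + der_tlv(0x05, b""))
SAMPLE_SIG = der_tlv(0x03, b"\x00" + b"\x55" * 32)
SAMPLE_CERT = der_tlv(0x30, SAMPLE_TBS + SAMPLE_ALG + SAMPLE_SIG)

if __name__ == "__main__":
    for k, v in hash_report(SAMPLE_CERT).items():
        print(f"{k}: {v}")
```

A revocation list keyed on the whole-certificate hash would miss a colliding twin whose TBS is not block aligned, which is why keying on the TBS hash, or on issuer and serial as OneCRL does, is the more robust choice.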