Frank Hecker wrote, On 2008-12-31 10:48 PST:
> Nelson B Bolyard wrote:
>> A representative of Verisign has posted a response to this issue at
>> https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
> 
> The VeriSign post is not 100% clear on exactly how "VeriSign has removed 
> this vulnerability" (to quote the blog post). Is it simply that VeriSign 
> has now discontinued using MD5 when issuing RapidSSL certificates and 
> other end-entity certificates under the various VeriSign/thawte/GeoTrust 
> brands? Material elsewhere in the post seems to imply that this was the 
> only corrective action taken (or that needed to be taken), but I don't 
> recall it being made explicit in the post.

After reading the above-cited blog post, I conclude that RapidSSL was
changed to stop using MD5, and that other Verisign-controlled CAs still
plan to stop using MD5 before the end of January.  It's not clear to me
that the other CAs that still use MD5 have been made invulnerable, or how
that was actually accomplished, if it was.

There are a number of ways (besides replacing MD5) that could have been used
to make the CAs less vulnerable, including (but not limited to)

- switching to a large random serial number instead of a sequential
  (and hence predictable) serial number
- issuing certs with less predictable notBefore and notAfter validity dates.
  (Just randomizing the number of seconds in each would go a long way.)
- ceasing to issue certs from those CAs until they can be switched to SHA1.

It would be nice to know which (if any) of those measures have been taken,
because that would increase my confidence that the CAs actually have been
made less vulnerable.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
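A worked illustration of the first two mitigations in the list above (random serial numbers and randomized validity seconds), as an added example that is not code from the post, from Mozilla, or from VeriSign. It uses only the Python standard library: a CSPRNG-backed serial, validity timestamps with randomized second offsets, and a small audit that flags a batch of issued certificates whose serials and dates follow the predictable counter-and-midnight pattern. The 64-bit serial entropy floor, the jitter windows, the audit heuristics and the sample records are all assumptions constructed for this example, not a published standard.

```python
"""Added example (not from the post): unpredictable serials and validity
dates for CA issuance, plus a simple predictability audit.

The chosen-prefix collision attack on MD5-signed certificates depends on
the attacker guessing, ahead of time, the serial number and validity
period the CA will place in the next certificate it signs. Two of the
mitigations listed in the post are shown here with the standard library
only: a large CSPRNG serial number and validity timestamps whose seconds
are randomized. SERIAL_BITS and the jitter windows are assumed values.
"""
import secrets
from datetime import datetime, timedelta, timezone

SERIAL_BITS = 64          # assumed entropy floor per serial number
NOT_BEFORE_JITTER = 3600  # back-date by up to an hour (also absorbs clock skew)
NOT_AFTER_JITTER = 86400  # extend the lifetime by up to a day


def random_serial(bits=SERIAL_BITS):
    """Return a positive serial drawn from `bits` bits of CSPRNG output."""
    serial = secrets.randbits(bits)
    return serial if serial > 0 else 1  # X.509 serials must be positive


def randomized_validity(days, now=None):
    """Return (not_before, not_after) with random second offsets.

    A CA that stamps every certificate with midnight boundaries turns the
    validity field into a constant the attacker can precompute; the jitter
    removes that predictability without changing the nominal lifetime much.
    """
    now = now or datetime.now(timezone.utc)
    not_before = now - timedelta(seconds=secrets.randbelow(NOT_BEFORE_JITTER))
    not_after = (not_before + timedelta(days=days)
                 + timedelta(seconds=secrets.randbelow(NOT_AFTER_JITTER)))
    return not_before, not_after


def issue_batch(n, days=365):
    """Simulate n issuances; returns (serial, not_before, not_after) tuples."""
    batch = []
    for _ in range(n):
        not_before, not_after = randomized_validity(days)
        batch.append((random_serial(), not_before, not_after))
    return batch


def audit_issuance(records):
    """Flag patterns that make the next certificate's fields guessable.

    `records` is an iterable of (serial, not_before, not_after). Each
    finding is True when the batch looks predictable. The heuristics are
    this example's own, not a published standard.
    """
    recs = list(records)
    if not recs:
        return {}
    serials = [s for s, _, _ in recs]
    diffs = [b - a for a, b in zip(serials, serials[1:])]
    return {
        # Constant small increments between consecutive serials.
        "sequential_serials": bool(diffs) and all(d == diffs[0] for d in diffs)
                              and 0 < diffs[0] <= 1000,
        # A batch of true 64-bit serials almost surely contains one near
        # full width; a counter-derived batch stays far below it.
        "low_entropy_serials": max(s.bit_length() for s in serials) < SERIAL_BITS - 8,
        # Both timestamps on an exact hour is the midnight-stamp pattern.
        "validity_on_hour_boundary": any(
            nb.minute == nb.second == 0 and na.minute == na.second == 0
            for _, nb, na in recs),
        # Identical lifetimes mean notAfter follows directly from notBefore.
        "fixed_lifetime": len(recs) > 1 and len({na - nb for _, nb, na in recs}) == 1,
    }


# Constructed sample: a CA issuing counter serials at midnight with a
# fixed 365-day lifetime, i.e. the predictable pattern the attack needs.
_MIDNIGHT = datetime(2008, 12, 30, tzinfo=timezone.utc)
PREDICTABLE_RECORDS = [
    (1000 + i, _MIDNIGHT + timedelta(days=i), _MIDNIGHT + timedelta(days=i + 365))
    for i in range(4)
]

if __name__ == "__main__":
    print("counter-based CA:", audit_issuance(PREDICTABLE_RECORDS))
    print("randomized CA:   ", audit_issuance(issue_batch(4)))
```

Running the module prints every finding as True for the constructed counter-based CA and False for the randomized batch. The audit is deliberately a batch-level check: a single 64-bit serial can legitimately be small, so it looks at the widest serial in the batch rather than judging each one alone.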
