On Feb 25, 2017, at 17:44, Jimmy Hess <mysi...@gmail.com> wrote:

>> On Thu, Feb 23, 2017 at 2:03 PM, Patrick W. Gilmore <patr...@ianai.net> wrote:
>>
>> For instance, someone cannot take Verisign’s root cert and create a cert which collides on SHA-1. Or at least we do not think they can. We’ll know in 90 days when Google releases the code.
>
> Maybe. If you assume that no SHA attack was known to anybody at the time the Verisign cert was originally created, and that the process used to originally create Verisign's root cert was not tainted to leverage such an attack.
>
> If it was tainted, then maybe there's another version of the certificate that was constructed with a different Subject name and Subject public key, but the same SHA1 hash, and the same Issuer Name and Issuer Public Key.
I repeat something I've said a couple of times in this thread: If I can somehow create two docs with the same hash, and somehow con someone into using one of them, chances are there are bigger problems than a SHA1 hash collision.

If you assume I could somehow get Verisign to use a cert I created to match another cert with the same hash, why in the hell would that matter? I HAVE THE ONE VERISIGN IS USING. Game over.

Valdis came up with a possible use of such documents. While I do not think there is zero utility in those instances, they are pretty small vectors compared to, say, having a root cert at a major CA.

--
TTFN,
patrick