> > If so, I fear we are learning the wrong lesson, which
> > while valid in other contexts is not pertinent here.
> > TLS must be flexible enough to accommodate new
> > algorithms, this means that the data structures being
> > exchanged are malleable, and that implementations must
> > valida
On Sat, Sep 16, 2006 at 05:35:27AM +1200, Peter Gutmann wrote:
> David Shaw <[EMAIL PROTECTED]> writes:
>
> >Incidentally, GPG does not attempt to parse the PKCS/ASN.1 data at all.
> >Instead, it generates a new structure during signature verification and
> >compares it to the original.
>
> How d
On Friday, 15.09.2006 at 00:40 +0200, Erik Tews wrote:
> I have to check some legal aspects before publishing the names of the
> browser which accepted this certificate and the name of the
> ca-certificates with exponent 3 I used in some hours, if nobody tells me
> not to do that. Depending on
David Shaw <[EMAIL PROTECTED]> writes:
>Incidentally, GPG does not attempt to parse the PKCS/ASN.1 data at all.
>Instead, it generates a new structure during signature verification and
>compares it to the original.
How does it handle the NULL vs. optional parameters ambiguity?
Peter.
---
James A. Donald wrote:
> --
> Greg Rose wrote:
>> At 19:02 +1000 2006/09/14, James A. Donald wrote:
>>> Suppose the padding was simply
>>>
>>> 010101010101010 ... 1010101010101 hash
>>>
>>> with all leading zeros in the hash omitted, and four
>>> zero bits showing where the actual hash beg
James Donald writes:
> There is no need, ever, for the RSA signature to encrypt
> anything other than a hash, nor will there ever be such
> a need. In this case the use of ASN.1 serves absolutely
> no purpose whatsoever, other than to create complexity,
> bugs, and opportunities for attack. It is
On Fri, Sep 15, 2006 at 08:49:31PM +1200, Peter Gutmann wrote:
> When I fired up Firefox a few minutes ago it told me that there was
> a new update available to fix security problems. I thought, "Hmm, I
> wonder what that would be...". It's interesting to note that we now
> have fixes for many o
"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
>As for the "not compatible with a well-socialized human" -- well, maybe -- I
>don't think normal people describe themselves as "paranoid by profession"
Might I refer the reader to http://www.cs.auckland.ac.nz/~pgut001/. I've even
received mai
Simon Josefsson <[EMAIL PROTECTED]> writes:
>Test vectors for this second problem are as below, created by Yutaka OIWA.
To make this easier to work with, I've combined them into a PKCS #7 cert chain
(attached). Just load/click on the chain and see what your app says.
(As an aside, this chain is
--
Victor Duchovni wrote:
> If so, I fear we are learning the wrong lesson, which
> while valid in other contexts is not pertinent here.
> TLS must be flexible enough to accommodate new
> algorithms, this means that the data structures being
> exchanged are malleable, and that implementations
[EMAIL PROTECTED] (Peter Gutmann) writes:
> What's more scary is that if anyone introduces a parameterised hash (it's
> quite possible that this has already happened in some fields, and with the
> current interest in randomised hashes it's only a matter of time before we see
> these anyway) [...]
When I fired up Firefox a few minutes ago it told me that there was a new
update available to fix security problems. I thought, "Hmm, I wonder what
that would be...". It's interesting to note that we now have fixes for many
of the OSS crypto apps (OpenSSL, gpg, Firefox (via NSS, so probably
Thund
Erik Tews writes:
> At least 3 major web browsers on the market are shipped by default with
> CA certificates, which have signed other intermediate CAs which use
> rsa1024 with exponent 3, in their current version. With this exploit,
> you can now sign arbitrary server certificates for any website of
On Thu, Sep 14, 2006 at 02:48:54PM -0400, Leichter, Jerry wrote:
> | The problem is that _because there is an interface to poll the token for
> | a code across the USB bus_, malicious software can *repeatedly* steal new
> | token codes *any time it wants to*. This means that it can steal codes
> |
You need to have one zero octet after a bunch of FFs and before the DER encoded
hash blob in order to have a proper PKCS#1v1.5 signature encoding.
Based on what you say below, "I used this cert and my key to sign an
end-entity certificate which I used to set up a webserver", it appears that
implementati
On Thursday, 14.09.2006 at 22:23 -0700, Tolga Acar wrote:
> You need to have one zero octet after a bunch of FFs and before the DER encoded
> hash blob in order to have a proper PKCS#1v1.5 signature encoding.
>
> Based on what you say below, "I used this cert and my key to sign an
> end-entity certi
From http://www.w3.org/2001/tag/doc/leastPower.html :
When designing computer systems, one is often faced with a choice between
using a more or less powerful language for publishing information, for
expressing constraints, or for solving some problem. This finding explores
tradeoffs relating t
On Thu, 14 Sep 2006 17:21:28 -0400, Victor Duchovni
<[EMAIL PROTECTED]> wrote:
>
> If so, I fear we are learning the wrong lesson, which while valid in
> other contexts is not pertinent here. TLS must be flexible enough to
> accommodate new algorithms, this means that the data structures being
>
Victor Duchovni <[EMAIL PROTECTED]> writes:
>This, in my view, has little to do with ASN.1, XML, or other encoding
>frameworks. Thorough input validation is not yet routinely and consistently
>practiced by most software developers. Software is almost invariably written
>to parse formats observed i
[EMAIL PROTECTED] (James A. Donald) on Thursday, September 14, 2006 wrote:
>Obviously we do need a standard for describing structured data, and we
>need a standard that leads to that structured data being expressed
>concisely and compactly, but it seems to me that ASN.1 is causing a lot of
>grief.
Simon Josefsson <[EMAIL PROTECTED]> writes:
>Deploying a hash widely isn't done easily, though. GnuTLS only supports MD2,
>MD5, SHA-1 and RIPEMD (of which MD2/MD5 are by default not used to verify
>signatures).
Right, but it's been pure luck that that particular implementation (and most
likely a