Bonjour,
> Le 9 sept. 2015 à 14:17, Georgi Guninski a écrit :
>
> On Wed, Sep 09, 2015 at 12:07:43PM +, Viktor Dukhovni wrote:
>>>
>>> Are you saying I can't sign the cert with another cert
>>> (the pubkey is easy to extract from the cert) with openssl?
>>
>> If you control a trusted root
On Wed, Sep 09, 2015 at 03:17:01PM +0300, Georgi Guninski wrote:
> If I am CA and sign cert requests with vanilla openssl,
> will I sign a composite $q$?
The "openssl ca" command won't stop you from signing a non-prime
DSA $q$. Real CAs need to do a lot more than is done in "openssl
ca".
No rea
On Wed, Sep 09, 2015 at 12:07:43PM +, Viktor Dukhovni wrote:
> >
> > Are you saying I can't sign the cert with another cert
> > (the pubkey is easy to extract from the cert) with openssl?
>
> If you control a trusted root CA, or an intermediate CA issued
> (possibly indirectly) by a trusted r
On Wed, Sep 09, 2015 at 03:02:36PM +0300, Georgi Guninski wrote:
> On Wed, Sep 09, 2015 at 11:55:36AM +, Viktor Dukhovni wrote:
> >
> > The expected time for this sort of check is when CAs sign certificates,
> > not when TLS handshake participants validate the certificates of
> > their peers
On Wed, Sep 09, 2015 at 11:55:36AM +, Viktor Dukhovni wrote:
>
> The expected time for this sort of check is when CAs sign certificates,
> not when TLS handshake participants validate the certificates of
> their peers (issued by trusted issuers, or else why bother).
>
Are you saying I can't s
On Wed, Sep 09, 2015 at 02:46:05PM +0300, Georgi Guninski wrote:
> Is this ``issue'' real or imaginary according to developers, developers,
> developers(!) ?
On Wed, Sep 09, 2015 at 01:28:42PM +0300, Georgi Guninski wrote:
> In short openssl 1.0.1p accepts composite $q$
> in DSA verify/SSL.
>
>
On Wed, Sep 09, 2015 at 07:45:16AM -0400, Jeffrey Walton wrote:
> Hi Georgi,
>
> Sorry to go offlist...
>
> Also keep in mind that the IETF has effectively deprecated the DH
> parameters in PKIX certificates. In fact, they moved to fixed DH
> groups to avoid the option dance between client and se
Ok, never mind.
Is this ``issue'' real or imaginary according to developers, developers,
developers(!) ?
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi Georgi,
Sorry to go offlist...
Also keep in mind that the IETF has effectively deprecated the DH
parameters in PKIX certificates. In fact, they moved to fixed DH
groups to avoid the option dance between client and server; and that
has the benefit that the parameters can be validated offline. A
On Wed, Sep 9, 2015 at 7:15 AM, Georgi Guninski wrote:
> On Wed, Sep 09, 2015 at 07:03:59AM -0400, Jeffrey Walton wrote:
>> On Wed, Sep 9, 2015 at 6:28 AM, Georgi Guninski
>> wrote:
>> > In short openssl 1.0.1p accepts composite $q$
>> > in DSA verify/SSL.
>> >
>> > If $q$ is backdoored in the D
On Wed, Sep 09, 2015 at 07:03:59AM -0400, Jeffrey Walton wrote:
> On Wed, Sep 9, 2015 at 6:28 AM, Georgi Guninski wrote:
> > In short openssl 1.0.1p accepts composite $q$
> > in DSA verify/SSL.
> >
> > If $q$ is backdoored in the DSA/DH group parameters,
> > this breaks all private keys using it (
On Wed, Sep 9, 2015 at 6:28 AM, Georgi Guninski wrote:
> In short openssl 1.0.1p accepts composite $q$
> in DSA verify/SSL.
>
> If $q$ is backdoored in the DSA/DH group parameters,
> this breaks all private keys using it (see links at
> bottom)...
>
Just bikeshedding, but before I went any further
In short openssl 1.0.1p accepts composite $q$
in DSA verify/SSL.
If $q$ is backdoored in the DSA/DH group parameters,
this breaks all private keys using it (see links at
bottom).
On linux:
$./apps/openssl s_server -accept 8080 -cert /tmp/cacert2.pem -key
/tmp/key-comp2.key
$./apps/openssl s_clie
13 matches
Mail list logo
