"Eric Rescorla" <[email protected]> wrote:
> I'm not convinced it's especially severe.
>
> To recap:
> We have one example of an RA failing to do proper validity checks.
> That RA was promptly shut down by their CA and the relevant
> certificate was revoked.
>
> We have one example of a CA issuing a bogus CA certificate via this
> collision attack. That certificate isn't usable as-is, and the CA has
> since fixed their procedures.
>
> To date, we have exactly 0 examples of this being used in the wild,
> and it's not clear how someone other than the researchers would
> do so. This is especially severe how?

Not even Firefox checks the revocation list. And it's now publicly known how you could forge the root CA. I'm pretty sure that will be used soon.

> I don't think that's at all clear. These researchers put *quite* a bit
> of effort into this problem. It's not at all clear to me you couldn't
> find a Windows 0-day in that time.

Seriously, who uses Windows at the 25c3? From what I've seen, that was the least used operating system there. Most were using Linux, followed by OS X and then the BSDs.

> How exactly is generating predictable private keys not a
> vulnerability?

It's Debian only. It will only work when the private and public key were generated on a Debian machine. That's not a flaw in SSH itself, but in Debian. For example, I was never affected by that Debian bug. I don't have a single key generated on a Debian machine.

--
Jonathan