> On 2 Jan 2014, at 21:25, Phillip Hallam-Baker <hal...@gmail.com> wrote:
> 
>> On Thu, Jan 2, 2014 at 1:57 PM, Jacob Appelbaum <ja...@appelbaum.net> wrote:
>> Paul Hoffman:
>> > On Jan 1, 2014, at 10:22 AM, Jacob Appelbaum <ja...@appelbaum.net>
>> > wrote:
>> >
>> >> I do control the private key for the aforementioned intermediate
>> >> certificate[0] authority. :)
>> >
>> > No, you really do not.
>  
>> Unless one explicitly distrusts (all) MD5 signed certificates, pre-loads
>> our certificate to mark it as untrusted, or a few other things relating
>> to time constraints - it will probably still work for MITM attacks. Many
>> applications fail to do proper constraint checking.
> 
> Anyone who trusts MD5 for signing any form of keying material is vulnerable 
> to this type of attack. It does not matter whether there is a CA involved or 
> not or the number of sub CAs. A variation of the attack could be performed on 
> PGP or DNSSEC.
> 
> The fix here is to disable MD5 completely in the browser or for CAs to not 
> use MD5 in any certificate. The industry has chosen to do the second since we 
> can't actually recall legacy browsers. However, Microsoft's recent decision 
> to end of life SHA-1 will have the effect of rendering most of the legacy 
> browsers unusable in any case.
> 
> 
> 
>> > Please don't overstate the results of
>> > the excellent research that you did; doing so diminishes the
>> > research.
>> 
>> I'm not overstating anything. I think you don't understand what we
>> actually did if you think that later, patching things will somehow
>> magically stop previously successful attacks...
> 
> 
> You are confusing people by using a valid attack against the algorithm to 
> argue against the trust model. PKIX is designed on the assumption that the 
> digest algorithm chosen is secure against a second preimage attack.

The fundamental flaw in the PKIX trust model is that there is no deployable 
mechanism for limiting the impact of such an attack.

That realization should inform future design and that bit is certainly on topic 
;-)


> 
> We have a lot of security issues to deal with right now and we want to make 
> sure we are paying attention to the ones that matter most. This is really not 
> helping.
> 
> -- 
> Website: http://hallambaker.com/
> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey