Hi,

>> Tell me something new. ;-) Although in fact, the whole thing goes much
>> deeper. A broken hash algorithm means root cert-like compromise as it
>> means the capacity to imitate a correct signature by a root cert. There
>> is no fix for this but blacklisting. Not in any model with TTPs, by the
>> way.
>
> You mean blacklisting the algorithm, right?
Ultimately, yes. That's what Moz etc. did, but you cannot force CAs to switch to new algorithms at once. New root certs have to be added to the root stores, new certs issued for existing customers, etc. Thus the grace period until 2011. In the meantime, all you can do is blacklist known-rogue certs. Alternatively, pull the root cert from which MD5 signatures were issued. As the MD5 attack still had considerable cost (for the hobby blackhat, not a 3-letter agency), it was deemed that this must suffice for a while.

Ralph

-- 
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF

_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
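As an added illustration of the two stop-gaps discussed above (this is not part of the thread and not code from any of the participants): a small Python policy check that rejects any certificate in a chain whose signature algorithm is md5WithRSAEncryption (or MD2), and any certificate whose SHA-256 fingerprint is on a blocklist. Putting the fingerprint of the offending root on that list is the chain-level equivalent of pulling the root from the store. The DER handling only walks the outer Certificate envelope (SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }), the OIDs are the standard PKCS#1 ones, and the sample certificates are constructed placeholders with a stub tbsCertificate and a dummy signature; nothing here verifies a signature, so it is a policy layer in front of path validation, not a replacement for it.

```python
"""Chain policy check: blocklist known-rogue certs by fingerprint and
refuse certificates signed with a broken hash (MD2/MD5).

Added example, not from the thread. Only the outer Certificate envelope is
parsed; no signatures are verified. Sample certs below are constructed."""
import hashlib

# Standard PKCS#1 signature-algorithm OIDs
OID_MD2_RSA = "1.2.840.113549.1.1.2"
OID_MD5_RSA = "1.2.840.113549.1.1.4"
OID_SHA256_RSA = "1.2.840.113549.1.1.11"
WEAK_SIG_OIDS = {OID_MD2_RSA, OID_MD5_RSA}

REASON_BLOCKLISTED = "blocklisted"
REASON_WEAK_HASH = "weak-signature-hash"


def _read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def signature_oid(cert_der):
    """OID of the outer signatureAlgorithm of a DER-encoded Certificate."""
    tag, start, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    _, _, tbs_end = _read_tlv(cert_der, start)        # skip tbsCertificate
    tag, alg_start, _ = _read_tlv(cert_der, tbs_end)   # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = _read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return _decode_oid(cert_der[oid_start:oid_end])


def fingerprint(cert_der):
    """SHA-256 fingerprint over the DER, as used in cert blocklists."""
    return hashlib.sha256(cert_der).hexdigest()


def check_chain(chain_der, blocklist):
    """chain_der: leaf first, root last. Returns [(index, reason), ...];
    an empty list means the chain passes this policy layer. A blocklisted
    root fails the whole chain, which is the effect of pulling the root."""
    findings = []
    for i, cert in enumerate(chain_der):
        if fingerprint(cert) in blocklist:
            findings.append((i, REASON_BLOCKLISTED))
        if signature_oid(cert) in WEAK_SIG_OIDS:
            findings.append((i, REASON_WEAK_HASH))
    return findings


# --- constructed sample certificates (placeholder DER, not real certs) ---

def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def _encode_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def make_cert(sig_oid, serial=1):
    """Certificate envelope with a stub tbsCertificate (serial < 128)."""
    tbs = _tlv(0x30, _tlv(0x02, bytes([serial])))
    alg = _tlv(0x30, _encode_oid(sig_oid) + b"\x05\x00")  # NULL parameters
    sig = _tlv(0x03, b"\x00" + b"\x00" * 32)              # dummy BIT STRING
    return _tlv(0x30, tbs + alg + sig)


if __name__ == "__main__":
    rogue_ca = make_cert(OID_MD5_RSA, serial=7)
    leaf = make_cert(OID_SHA256_RSA, serial=2)
    print(check_chain([leaf, rogue_ca], set()))
    print(check_chain([leaf, rogue_ca], {fingerprint(rogue_ca)}))
```

Run stand-alone it reports the MD5-signed CA once on algorithm alone, and twice once its fingerprint is blocklisted. In a real deployment the blocklist entries come from the browser or OS vendor (the known-rogue certs Ralph mentions) and the algorithm check is what eventually lets you drop the blocklist once the grace period ends.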