Dailydave mailing list archives
Re: Questions about MD5+CA
From: Alexander Sotirov <alex () sotirov net>
Date: Thu, 1 Jan 2009 14:17:50 -0500
On Tue, Dec 30, 2008 at 12:43:30PM -0500, Dave Aitel wrote:
So if someone was able to get a root CA for $20000 - shouldn't we remove the RapidSSL root CA from our browsers with the next browser update? I don't see why people think this would be hard to replicate and hasn't been done previously to RapidSSL. Is it because no one other than that one team can do math or buy PS3s? Microsoft's advisory on this is essentially defaulting to the "No one else has ever done this" position. This is weird. Trusted Roots that could have been used to sign these things need to get re-issued, right? What am I missing here?
I agree. If revoking a root CA cert is so inconvenient or Internet-breaking that it can't be done even after an attack on the root has been demonstrated in practice, then our trust in the PKI system is perhaps misplaced. If they don't revoke the root, the security of the PKI system from now until 2020 (when the RapidSSL cert expires) will rely on the assumption that our team did not make a second CA cert that nobody knows about and that nobody else did either. We didn't, but how can we possibly prove that? How can any CA that used MD5 prove beyond doubt that they have not signed a colliding key in the past? The lesson here is that if you have a mechanism like CA root revocation, you need to regularly exercise it, otherwise you won't be ready to use it when the real need arises. Perhaps we need to start revoking one randomly selected root each year to get everybody used to the idea and ready to do it for real when there is a real threat. We to drills and practice evacuating buildings for earthquakes and fires, so why not for online threats? Alex
Attachment:
_bin
Description:
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Questions about MD5+CA Alexander Sotirov (Jan 01)
- Re: Questions about MD5+CA Dave Aitel (Jan 02)
- Re: Questions about MD5+CA wishi (Jan 02)
- Re: Questions about MD5+CA Jon Oberheide (Jan 03)
- Re: Questions about MD5+CA wishi (Jan 02)
- Re: Questions about MD5+CA Dave Aitel (Jan 02)