Dailydave mailing list archives

Re: Questions about MD5+CA


From: Dave Aitel <dave () immunityinc com>
Date: Fri, 02 Jan 2009 12:15:32 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Totally. This was a good opportunity for Mozilla or the IE team to be
thought leaders in security, and neither stepped up. The right thing
to do would have been to announce an update that disabled the root CA
in 10 days. That gives everyone ten days to get a new certificate from
somewhere else. Security is about hard choices. Currently, we're all
about sticking our heads in the sand - which devalues SSL as a
security protocol entirely.

In my role as CTO at Immunity I try to do similar things: our newest
researcher Skylar is learning about this the hard way when she calls
up asking why her shiny new Dell laptop does not yet support wireless. :>

- -dave
 

I agree. If revoking a root CA cert is so inconvenient or
Internet-breaking that it can't be done even after an attack on the
root has been demonstrated in practice, then our trust in the PKI
system is perhaps misplaced.

If they don't revoke the root, the security of the PKI system from
now until 2020 (when the RapidSSL cert expires) will rely on the
assumption that our team did not make a second CA cert that nobody
knows about and that nobody else did either. We didn't, but how can
we possibly prove that? How can any CA that used MD5 prove beyond
doubt that they have not signed a colliding key in the past?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJXkuztehAhL0gheoRAkzcAJ91MJXkxMORc3ft4Hl22XTvUavxRACaA10F
b45C+Bh5he3BkQbwUANGgEM=
=QsTJ
-----END PGP SIGNATURE-----
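The quoted question above asks how anyone can be sure a CA that signed with MD5 never signed a colliding certificate. One concrete thing a relying party can do, short of waiting for vendors to pull the root, is refuse any chain containing a certificate whose issuer signed it with an MD5-based algorithm. The following is an added example, not code from this thread or from Immunity: a stdlib-only Python check that walks the outer DER structure of each certificate, reads the signatureAlgorithm OID, and flags the MD5 ones. The chain it runs on is a constructed skeleton (Certificate-shaped DER with placeholder contents), not a real certificate, and the OID table and function names are the example's own.

```python
"""Flag certificates in a chain whose issuer signature uses an MD5-based algorithm.

Added example (not from the thread). Uses only the standard library: a minimal
DER walker is enough, because the signature algorithm is the second element of
the outer Certificate SEQUENCE and needs no X.509 library to reach.
"""

# MD5-based signature algorithm OIDs (PKCS#1 / RFC 3279 / OIW).
MD5_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.3.14.3.2.3": "md5WithRSA (OIW)",
}


def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value):
    """Turn OBJECT IDENTIFIER content octets into dotted form (e.g. 1.2.840.113549.1.1.4)."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm_oid(cert_der):
    """Return the dotted OID from Certificate.signatureAlgorithm (the issuer's signature)."""
    tag, body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    _, _tbs, pos = _read_tlv(body, 0)          # skip tbsCertificate
    alg_tag, alg, _ = _read_tlv(body, pos)      # AlgorithmIdentifier SEQUENCE
    oid_tag, oid_val, _ = _read_tlv(alg, 0)     # its first element is the OID
    if alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return _decode_oid(oid_val)


def md5_signed_certs(chain):
    """Return [(index, oid, name)] for every certificate in chain signed with MD5."""
    flagged = []
    for i, cert in enumerate(chain):
        oid = signature_algorithm_oid(cert)
        if oid in MD5_SIGNATURE_OIDS:
            flagged.append((i, oid, MD5_SIGNATURE_OIDS[oid]))
    return flagged


def chain_is_acceptable(chain):
    """Policy: reject a chain if any certificate in it was signed using MD5."""
    return not md5_signed_certs(chain)


# --- constructed fixture below: a Certificate-shaped DER skeleton, not a real cert ---

def _der(tag, payload):
    """Encode one DER TLV (short or long form length)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def _encode_oid(dotted):
    """Encode a dotted OID into OBJECT IDENTIFIER content octets."""
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        enc = bytearray([p & 0x7F])
        p >>= 7
        while p:
            enc.insert(0, 0x80 | (p & 0x7F))
            p >>= 7
        out += enc
    return bytes(out)


def skeleton_cert(sig_oid):
    """Constructed sample: TBS holds only a serial placeholder; signature is zeroed."""
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _der(0x06, _encode_oid(sig_oid)) + b"\x05\x00")  # NULL params
    sig = _der(0x03, b"\x00" + b"\x00" * 16)
    return _der(0x30, tbs + alg + sig)


def build_sample_chain():
    """Leaf signed with SHA-1/RSA (1.2.840.113549.1.1.5), intermediate signed with MD5/RSA."""
    return [skeleton_cert("1.2.840.113549.1.1.5"), skeleton_cert("1.2.840.113549.1.1.4")]


if __name__ == "__main__":
    chain = build_sample_chain()
    for idx, oid, name in md5_signed_certs(chain):
        print(f"certificate #{idx} signed with {name} ({oid}) - chain rejected")
```

The field being checked is the signature the issuer placed on each certificate, which is where a colliding certificate would come from; a self-signed root's own signature is not what a browser relies on, so the check matters most for the intermediates and leaves below a root that signed with MD5. On real input, feed the DER bytes of each certificate in the order the server presents them.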

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

