Even with all of the cryptologic and cryptographic technology that has existed in the world for the past 60 years, we still don't really know what encryption is good for or how to use it -- or, more importantly, why it matters. Maybe it's time for people, and coders in particular, to actually practice using it, like any other skill.
I was just made aware of yet another piece of stupidity by the ITU, in their X.509 standard:
A certification authority is known by its name and by no other criterion. The purpose of this is to allow a new CA certificate (and key) to be created when necessary, one that can still issue CRLs covering certificates signed with the old one.
Uhhhh... riiiiight. NSS fell victim to an attack like this, but I'm not at all certain what the currently available toolkits do with it. Were I to create a new, self-signed CA certificate with the same name as, a different serial number from, and a later "valid from" (notBefore) time than an existing certification authority, and then issue a CRL from it that explicitly revokes the prior CA certificate...
...would I have essentially yanked operation of the CA from the prior owner?
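Whether that works depends entirely on how the relying party decides which CRLs apply to a certificate. The following is an added example, not code from the original post or from the openssl-users thread, that models the two policies: matching a CRL to a certificate by issuer name alone (the X.509 "a CA is a name" rule) versus additionally requiring the CRL to be signed by the same key that signed the certificate (an approximation of RFC 5280 section 6.3.3, which requires the CRL issuer's path to validate to the same trust anchor). All names, serial numbers, dates and keys are constructed stand-ins; "signature verification" is modelled by key-identifier matching rather than real signatures, and the self-signed CA certificate is itself subjected to the revocation check, as the scenario above assumes.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime
from hashlib import sha256

# Constructed placeholders standing in for DER-encoded SubjectPublicKeyInfo blobs.
LEGIT_KEY = b"example-ca-key-issued-2004"
IMPOSTOR_KEY = b"impostor-ca-key-issued-2006"
SERVER_KEY = b"www-example-test-key"


def key_id(spki: bytes) -> bytes:
    """Key identifier derived from the public key, as the SKI/AKI extensions do
    (RFC 5280 4.2.1.2 method 1 uses SHA-1; a truncated SHA-256 is used here)."""
    return sha256(spki).digest()[:20]


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    spki: bytes
    aki: bytes  # identifier of the key whose signature is on this certificate


@dataclass(frozen=True)
class Crl:
    issuer: str
    this_update: datetime
    revoked: frozenset[int]
    aki: bytes  # identifier of the key whose signature is on this CRL


CA_NAME = "CN=Example Root CA,O=Example"

# The legitimate CA (serial 1), a server certificate it issued, and the impostor:
# same name, different serial number, later notBefore, different key.
LEGIT_CA = Cert(CA_NAME, CA_NAME, 1, datetime(2004, 1, 1), LEGIT_KEY, key_id(LEGIT_KEY))
SERVER = Cert("CN=www.example.test", CA_NAME, 4711, datetime(2005, 6, 1), SERVER_KEY, key_id(LEGIT_KEY))
IMPOSTOR_CA = Cert(CA_NAME, CA_NAME, 2, datetime(2006, 2, 26), IMPOSTOR_KEY, key_id(IMPOSTOR_KEY))

# The legitimate CA's current (empty) CRL, and the impostor's CRL listing
# serial 1, i.e. the legitimate CA's own certificate.
LEGIT_CRL = Crl(CA_NAME, datetime(2006, 1, 1), frozenset(), key_id(LEGIT_KEY))
IMPOSTOR_CRL = Crl(CA_NAME, datetime(2006, 2, 27), frozenset({1}), key_id(IMPOSTOR_KEY))


def crl_signature_verifies(crl: Crl, known_certs: list[Cert]) -> bool:
    """Models signature verification: succeeds if we hold any certificate bearing
    the CRL's issuer name whose key matches the key the CRL was signed with."""
    return any(c.subject == crl.issuer and key_id(c.spki) == crl.aki for c in known_certs)


def chain_status(chain: list[Cert], crls: list[Crl], known_certs: list[Cert], bind_to_key: bool):
    """Revocation-check every certificate in chain (leaf first, CA last).

    bind_to_key=False: a CRL applies when the issuer names match and its
    signature verifies under *some* certificate of that name ("a CA is a name").
    bind_to_key=True: the CRL must also be signed by the same key that signed
    the certificate being checked, so a differently keyed CA of the same name
    cannot speak for it. Returns (ok, reason)."""
    for cert in chain:
        for crl in crls:
            if crl.issuer != cert.issuer or not crl_signature_verifies(crl, known_certs):
                continue  # wrong issuer name, or signature cannot be verified: ignore
            if bind_to_key and crl.aki != cert.aki:
                continue  # signed by a different key: not this certificate's issuer
            if cert.serial in crl.revoked:
                return False, f"{cert.subject} (serial {cert.serial}) revoked by CRL signed with key {crl.aki.hex()[:8]}"
    return True, "no applicable CRL lists any certificate in the chain"


def main() -> None:
    chain = [SERVER, LEGIT_CA]
    crls = [LEGIT_CRL, IMPOSTOR_CRL]
    known = [LEGIT_CA, IMPOSTOR_CA]  # the impostor's certificate has been published alongside its CRL
    for policy in (False, True):
        ok, why = chain_status(chain, crls, known, bind_to_key=policy)
        print(f"bind_to_key={policy}: {'valid' if ok else 'REJECTED'}: {why}")


if __name__ == "__main__":
    main()
```

Under the name-only policy the impostor's CRL is honoured and the legitimate CA's certificate, and with it every certificate it issued, is treated as revoked; under the key-bound policy the same CRL is silently ignored because it was not signed by the key that issued the certificates being checked. Note that the (issuer name, serial number) uniqueness rule is not violated at any point: the two CA certificates carry different serial numbers, which is exactly why that rule alone gives a relying party no way to tell them apart.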
(Information from a post by Erwann ABALEA on the openssl-users mailing list, 26 Feb 2006):
The X.509 says it all.
From this standard, a CA is a name (not a key, really a name). That
allows you to renew the CA's key (and certificate), and this
key+certificate still belongs to the same CA. Whence, you can revoke
an issued certificate that was signed by an anterior CA key.
This (issuer name, serial number) uniqueness is clearly stated in
chapter 7 ("Public-keys and public-key certificates"):
"serialNumber is an integer assigned by the CA to each certificate. The
value of serialNumber must be unique for each certificate issued by a given
CA (i.e., the issuer name and serial number identify a unique certificate)."