Re: "Certification Authorities are recommended to stop using MD5 altogether"

To: Micah Anderson <micah@riseup.net>
Cc: Russ Allbery <rra@debian.org>, debian-security@lists.debian.org
Subject: Re: "Certification Authorities are recommended to stop using MD5 altogether"
From: Aiko Barz <aiko@deepco.de>
Date: Fri, 2 Jan 2009 10:22:36 +0100
Message-id: <[🔎] 20090102092235.GA3344@thorin.admin.heise.de>
In-reply-to: <[🔎] 20090101174522.GF6475@pond>
References: <0812310232100.8102@somehost> <200812311052.41476.bgrpt3@toplitzer.net> <20081231191518.GC6475@pond> <[🔎] 1230820291.18250.28.camel@hidalgo> <[🔎] 874p0j84hc.fsf@windlord.stanford.edu> <[🔎] 20090101174522.GF6475@pond>

On Thu, Jan 01, 2009 at 12:45:22PM -0500, Micah Anderson wrote:
> >>On Wed, 31 Dec 2008, Micah Anderson wrote:                                        
> >> Does anyone have a legitimate reason to trust any particular Certificate
> >> Authority?
> > Yves-Alexis Perez <corsac@debian.org> writes:
> > 
> > > I may be wrong, but I trust the CAs in ca-certificates. I've followed
> > > the add of French Gvt CA Certificates, and the procedure was enough
> > > strict to give me this trust impression.
> > * Russ Allbery <rra@debian.org> [2009-01-01 10:04-0500]:
> >
> > While this exploit is particularly interesting because it's technical
> > rather than social and therefore easy to wrap one's mind around, it's not
> > been particularly difficult to get a forged certificate since nearly the
> > beginning of the commercial CA concept.  Very few of the certificate
> > authorities do any sort of real authentication of the requester, so if
> > you're willing to simple things like fax them forged letterhead, you can
> > probably get a certificate claiming to be just about anyone who isn't
> > extremely high-profile.
> 
> I agree, and this is why I poised this question. The hierarchical
> Certificate Authority model is fundamentally flawed, and easily
> exploited.

There are two more things, that disturbs me a lot:

If you trust a CA, you also trust any SUB CAs signed by their
certificate. But you don't have any control over those SUB CAs. You do
not know, who has them or how many are out there.

So, if you trust a Certificate Authority that belongs to a specific
country, it may be possible, that their government asks for a
certificate, that enables them to sign certificates by their own. That
would enable the government to create trusted certificates for any
website, mailserver, etc on the planet...

The second thing, that disturbs me:

Firefox 3 made it more difficult to accept self signed certificates.
It would be nice, if Firefox at least could remember certificates to
generate warnings like:

- INFO:  Certificate fingerprint changed.
         New certificate is signed by the same CA.

- ALERT: Certificate fingerprint changed.
         New certificate is signed by a different CA.
         Possible MITM attack going on.

So long,
    Aiko

-- 
:wq ✉

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: "Certification Authorities are recommended to stop using MD5 altogether"
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: "Certification Authorities are recommended to stop using MD5 altogether"
  - From: Russ Allbery <rra@debian.org>
- Re: "Certification Authorities are recommended to stop using MD5 altogether"
  - From: Micah Anderson <micah@riseup.net>

Prev by Date: Re: "Certification Authorities are recommended to stop using MD5 altogether"
Next by Date: URGENT RESPOND
Previous by thread: Re: "Certification Authorities are recommended to stop using MD5 altogether"
Next by thread: Re: "Certification Authorities are recommended to stop using MD5 altogether"
Index(es):
- Date
- Thread