On Thu, Mar 1, 2018 at 10:31 AM, Nick Lamb via dev-security-policy <
[email protected]> wrote:

> On Thu, 1 Mar 2018 10:51:04 +0000
> Ben Laurie via dev-security-policy
> <[email protected]> wrote:
>
> > Seems to me that signing something that has nothing to do with certs
> > is a safer option - e.g. sign random string+Subject DN.
>
> That does sounds sane, I confess I have not spent much time playing with
> easily available tools to check what is or is not easily possible on
> each platform in terms of producing and checking such proofs. I knew
> that you can make a CSR on popular platforms, and I knew how to check a
> CSR is valid and a bogus CSR seemed obviously harmless to me.
>
> I feel sure I saw someone's carefully thought through procedure for
> proving control over a private key written up properly for close to
> this sort of situation but I have tried and failed to find it again
> since the incident was first reported, and apparently Jeremy didn't
> know it either.
Perhaps you were thinking about the ROBOT attack, which covered
https://robotattack.org/

You can produce such messages, if you have the key, through something like
(note: haven't tested, but you get the idea)

# crt.sh's spkisha256= parameter takes the hex SHA-256 of the DER-encoded
# SubjectPublicKeyInfo, so hash the DER form (not the PEM text) and keep hex
# (base64 would also put '/' into the signature filename below)
associated_spki_hash=`openssl pkey -inform PEM -in foo.key -pubout -outform DER |
openssl dgst -sha256 | awk '{print $NF}'`
associated_crt_sh_url="http://crt.sh/?spkisha256=${associated_spki_hash}"
echo "${associated_crt_sh_url} is compromised - 2018-03-01" > message.txt
# detached signature over message.txt; only one -out, so the key file is never overwritten
openssl dgst -sha256 -sign foo.key -out ${associated_spki_hash}.signature message.txt

to verify
openssl dgst -sha256 -verify <(openssl x509 -in "cert file goes here" -pubkey -noout) -signature ${associated_spki_hash}.signature message.txt
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
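The proof-of-possession flow sketched in the message above, written out as an added, self-contained example (not code from the thread's authors): it generates a throwaway RSA key, hashes the DER SubjectPublicKeyInfo to hex as crt.sh's spkisha256= parameter expects (an assumption about crt.sh stated in the code), signs a message that binds that hash to a random nonce and a date, verifies the detached signature with the extracted public key, and confirms that a tampered message fails verification. The function and file names are this example's own; openssl on PATH is assumed.

```shell
#!/bin/sh
# Added example: proving possession of a private key by signing a
# non-certificate message, then verifying with the public key.
set -eu

# Hex SHA-256 of the DER-encoded SubjectPublicKeyInfo.
# Assumption: this is the value crt.sh's ?spkisha256= parameter takes.
# $1: private key file (PEM)
spki_sha256() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Write the message text to a file and produce a detached SHA-256 signature.
# $1: private key (PEM), $2: message file, $3: signature file, $4: message text
sign_message() {
    printf '%s\n' "$4" > "$2"
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Verify a detached signature with a PEM public key.
# Returns 0 on a valid signature, non-zero otherwise (openssl's own exit code).
# $1: public key (PEM), $2: signature file, $3: message file
verify_message() {
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# End-to-end run in a temporary directory. Returns 0 only if the genuine
# message verifies AND a tampered copy of it is rejected.
demo_proof_of_possession() {
    dir=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/key.pem" 2>/dev/null
    openssl pkey -in "$dir/key.pem" -pubout -out "$dir/pub.pem"

    hash=$(spki_sha256 "$dir/key.pem")
    nonce=$(openssl rand -hex 16)
    # The message names the key (by SPKI hash), a fresh nonce and a date,
    # so it cannot be mistaken for a CSR or reused as one.
    msg="http://crt.sh/?spkisha256=${hash} is compromised - nonce ${nonce} - 2018-03-01"

    sign_message "$dir/key.pem" "$dir/message.txt" "$dir/${hash}.signature" "$msg"
    verify_message "$dir/pub.pem" "$dir/${hash}.signature" "$dir/message.txt" || return 1

    # Any change to the message must break the signature.
    printf '%s\n' "${msg}x" > "$dir/tampered.txt"
    if verify_message "$dir/pub.pem" "$dir/${hash}.signature" "$dir/tampered.txt"; then
        return 1
    fi

    rm -rf "$dir"
    return 0
}
```

To check a key behind a real certificate rather than a freshly generated one, replace the `openssl pkey -pubout` step with `openssl x509 -in cert.pem -pubkey -noout` to get the public key the verifier should use; the message and signature steps stay the same.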