On 23/1/09 13:52, Eddy Nigg wrote:
Yet we all do it. And, it should be entirely logical that if a chance of
a fireball does not measurably change that risk
I guess 3% is a high enough risk even for somebody like you.
I'm curious, do you think that other people will respect childish
comments made by a CA?
1. MD5 is a *protocol* issue,
LOL, the weak Debian keys were also a "protocol" issue :-)
Yes, and that part was fixed. What is now left with debian keys is not
a protocol issue.
Unless you take the SSH route which Nelson mentions, shipping a list of
weak keys. If Firefox is sufficiently upset about the weak keys, it
could do that?
So, file a bug and ask the NSS guys to add a weak keys list?
2. it affects all sites.
No, only those which used MD5.
Good point, only 14%, if that was the number that Johnathon found.
(Consider SHA1 though :)
3. It is within Mozilla's power to deal with it.
Up to a certain extent. If it breaks 20% of all sites I guess it's not.
Well, wielding power has its costs. Of course.
There are some who believe that Mozilla should have a general ability to
tell a CA what to do.
Actually Mozilla does exactly that with its policy. It perhaps needs to
enforce it better after approval of a CA.
This is a question. Do you think that Mozilla needs a way to enforce
something over a CA?
So that we can establish the principle, before asking about implementation.
Well, and I'm ashamed to say it, your point is only right for Mozilla.
According to what I've seen, we are going to be stuck with SHA1 for
years.
Yes, but SHA1 is not where MD5 is today.
This is why it is important to establish the *principle*. At the
moment, the principle behind the current push to have "mozo do
something" is a bit loose.
"Any published private key must cause certificate revocation" ?
Or, is it
"Any potential compromise must cause certificate revocation" ?
If you really want to help Mozo in this, then establish the principle.
Then once that is established, we have to examine how this is already
dealt with in PKI, and how it is to be enforced.
Incidentally we tried on an
experimental basis to introduce SHA256, but unfortunately a certain
operating system doesn't support it well. It will have to wait for 2010
and beyond before we'll try it again.
ok.
Others can correct, but as far as I saw last week, neither TLS nor
Apache httpd/OpenSSL can deal with SHA2, there is some server-side snafu.
Not that I'm aware, but what about Windows 2003 servers which are widely
deployed? And Windows XP?
I don't know the full story, I just saw this:
http://security-basics.blogspot.com/2009/01/re-md5-considered-harmful-today-sha-1_19.html
We may have to wait until TLS 1.2 before this gets resolved. I might
have misinterpreted it. No time to dig into it now.
iang
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
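The thread touches two relying-party checks a browser or CA could automate: recognising certificates signed with MD5 (or, looking ahead, SHA-1) and shipping a list of known-weak keys the way OpenSSH did after the Debian incident. The following is an added, stdlib-only example written for this page; it is not code from the thread, from NSS or from any CA. It walks the DER of a certificate far enough to read the signature algorithm OID and the SubjectPublicKeyInfo, classifies the hash, and compares a SHA-256 fingerprint of the SPKI against a blocklist. The fingerprint format is an assumption of this example (a real weak-key list would define its own); the signature OIDs are real values, and the "certificate" it builds for itself is a constructed, unsigned stand-in so the example runs offline.

```python
"""Added example (not from the thread): flag MD5/SHA-1-signed certificates and
keys on a weak-key blocklist using a minimal DER walker, no third-party libs."""
import hashlib

# Signature-algorithm OIDs (real values) and how a relying party should treat them.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "weak"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "deprecated"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "ok"),
}

def _tlv(buf, pos):
    """Read one DER tag/length/value at pos -> (tag, value, raw_tlv, next_pos)."""
    start = pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    return tag, buf[pos:end], buf[start:end], end

def _children(value):
    """Split a constructed DER value into its child (tag, value, raw) triples."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, raw, pos = _tlv(value, pos)
        out.append((tag, val, raw))
    return out

def decode_oid(raw):
    """Decode DER OID content bytes to dotted form."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def inspect_cert(der_cert, weak_key_fingerprints):
    """Report the signature hash strength of one DER certificate and whether its
    SubjectPublicKeyInfo (SHA-256 of the DER, an assumed blocklist format) is listed."""
    _, cert_body, _, _ = _tlv(der_cert, 0)
    tbs, sig_alg = _children(cert_body)[:2]          # tbsCertificate, signatureAlgorithm
    oid = decode_oid(_children(sig_alg[1])[0][1])
    name, status = SIG_ALGS.get(oid, (oid, "unknown"))
    fields = _children(tbs[1])
    offset = 1 if fields[0][0] == 0xA0 else 0        # optional [0] EXPLICIT version
    spki_raw = fields[offset + 5][2]                 # serial, sigAlg, issuer, validity, subject, SPKI
    fp = hashlib.sha256(spki_raw).hexdigest()
    return {"signature_algorithm": name, "signature_status": status,
            "spki_sha256": fp, "weak_key": fp in weak_key_fingerprints}

# --- constructed test input: a syntactically valid but unsigned Certificate ---
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = bytes([a & 0x7F])
        a >>= 7
        while a:
            chunk = bytes([0x80 | (a & 0x7F)]) + chunk
            a >>= 7
        out += chunk
    return out

def build_test_cert(sig_oid, key_bytes):
    """Build a minimal Certificate SEQUENCE with the given signature OID and a
    placeholder key; the signature value is dummy bytes, so this is test data only."""
    alg = _der(0x30, _der(0x06, encode_oid(sig_oid)) + b"\x05\x00")
    name = _der(0x30, b"")                                         # empty Name
    validity = _der(0x30, _der(0x17, b"090101000000Z") * 2)
    spki = _der(0x30, _der(0x30, _der(0x06, encode_oid("1.2.840.113549.1.1.1")) + b"\x05\x00")
                + _der(0x03, b"\x00" + key_bytes))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + alg
                + name + validity + name + spki)
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 17))

if __name__ == "__main__":
    cert = build_test_cert("1.2.840.113549.1.1.4", b"\x01" * 32)
    print(inspect_cert(cert, set()))
```

In practice the blocklist would be loaded from a file shipped with the client, and `inspect_cert` would run on each certificate in a presented chain; a "weak" signature status or a `weak_key` hit is the condition under which the thread's proposed policy (refuse or warn) would trigger.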