On Sun, Feb 26, 2006, Erwann ABALEA wrote:
> Hello,
>
> Today, IV Kal. Mar. MMVI, Dr. Stephen Henson wrote:
> [... about serial numbers ...]
> > Some CAs choose consecutive values, others what look like random values or
> > hashes.
> >
> > One commercial reason for not using consecutive values is that competitors
> > can work out how many certificates you've issued...
>
> One good technical reason to choose "random" serial numbers was
> demonstrated by a paper written by Lenstra, Wang, and de Weger
> (http://eprint.iacr.org/2005/067). The point here is that if the
> attacker can "predict" the content of a certificate, he can carefully
> generate a public key so that the signature of a certificate can be
> used on another certificate with another identity and public key. This
> attack is based on flaws in MD5 demonstrated in summer 2004. SHA1 is
> now under attack, and until the SHA2 series is well understood by a
> large proportion of the installed software base, CAs are "forced" to
> use SHA1...
> See also: http://www.win.tue.nl/~bdeweger/CollidingCertificates/
>
Just to add that that version of the attack can only generate colliding
certificates which are identical other than the public keys.

> The CA has the possibility to change the name of the issued
> certificate, by adding a random element (a kind of serial number), but
> this isn't usually well perceived (the customer always asks for
> clarification about this random stuff added to his identity), and it
> prevents an end-user from renewing a certificate with the same exact
> identity (since this will render the counter-measure useless).
>

From my understanding of the collision a non-critical extension would be
another place but people would of course ask what it was for.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
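The counter-measure the thread settles on, an unpredictable serialNumber, is easy to get slightly wrong (negative or oversized DER INTEGERs, or a "random" value that is really a counter). The following is an added example, not code from the thread or from OpenSSL: it draws a serial from a CSPRNG, DER-encodes it within the 20-octet limit that RFC 5280 places on serialNumber, and includes a simple self-check a CA can run over its own recent issuances to spot the consecutive-counter pattern the thread warns against. The function names and the 64-bit default are my own choices.

```python
import secrets

MAX_SERIAL_OCTETS = 20  # RFC 5280 section 4.1.2.2 caps serialNumber at 20 octets

def random_serial(entropy_bits: int = 64) -> int:
    """Return an unpredictable, strictly positive serial number.

    An attacker preparing colliding certificate bodies must know every byte
    of the to-be-signed structure in advance; entropy_bits of CSPRNG output
    placed in the serial removes that predictability. The top bit is forced
    on so the value is never zero and always has the intended length.
    """
    if not 64 <= entropy_bits <= 159:   # 159 keeps the DER body within 20 octets
        raise ValueError("entropy_bits must be between 64 and 159")
    value = secrets.randbits(entropy_bits)
    return value | (1 << (entropy_bits - 1))

def der_encode_serial(serial: int) -> bytes:
    """DER-encode the serial as an ASN.1 INTEGER (tag 0x02, definite length)."""
    if serial <= 0:
        raise ValueError("serialNumber must be a positive integer")
    body = serial.to_bytes((serial.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:                  # leading 0x00 keeps two's complement positive
        body = b"\x00" + body
    if len(body) > MAX_SERIAL_OCTETS:
        raise ValueError("serialNumber exceeds 20 octets")
    return b"\x02" + bytes([len(body)]) + body

def looks_sequential(serials) -> bool:
    """Heuristic audit over a CA's recent serials: consecutive integers betray a
    predictable counter, which is exactly the property the collision attack needs."""
    ordered = sorted(serials)
    return len(ordered) > 1 and all(b - a == 1 for a, b in zip(ordered, ordered[1:]))

if __name__ == "__main__":
    # Constructed sample: a counter-based CA versus a CSPRNG-based one.
    print("counter CA sequential:", looks_sequential([1001, 1002, 1003, 1004]))
    print("random CA sequential: ", looks_sequential([random_serial() for _ in range(4)]))
    print("DER serial:", der_encode_serial(random_serial()).hex())
```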