Paul Hoffman:
> On Jan 1, 2014, at 10:22 AM, Jacob Appelbaum <ja...@appelbaum.net> wrote:
>
>> I do control the private key for the aforementioned intermediate
>> certificate[0] authority. :)
>
> No, you really do not.
I control the private key for the rogue CA that we created. I'm not the only one with the private key material; all of my fellow researchers likely still have it as well. Perhaps you think that I said something that I didn't say. I'm not claiming that I have the private key for the CA's actual correct CA signing key.

> As you certainly know, that attack only applied to a very limited number
> of CAs in the root piles at the time.

I'm not sure where you came to this impression? There were a few CAs who were vulnerable; we picked one to perform the research. It worked. That work produced a valid signature that we could apply to our second certificate, which is a sub-CA certificate. Thus, the attack we did only applied to a single CA, and we did not destroy the private key for the corresponding certificate. So yes, we most certainly do have the private key for that intermediate certificate authority that we created.

> If I remember correctly, it applied to zero of them approximately six
> months later.

Unless one explicitly distrusts (all) MD5-signed certificates, pre-loads our certificate to mark it as untrusted, or a few other things relating to time constraints, it will probably still work for MITM attacks. Many applications fail to do proper constraint checking.

> Please don't overstate the results of the excellent research that you
> did; doing so diminishes the research.

I'm not overstating anything. I think you don't understand what we actually did if you think that later patching things will somehow magically stop previously successful attacks...

All the best,
Jacob

_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
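As an added illustration of the checks the reply above lists (refusing MD5-family signatures on any certificate whose signature the verifier actually relies on, honouring validity periods, applying an explicitly pre-loaded distrust list, and enforcing basicConstraints and name chaining), here is a small chain-policy checker. It is example code written for this page, not code from the thread or from the researchers it mentions. Certificates are modelled as simple records rather than parsed from DER, the `fingerprint` field is a hypothetical identifier used only for the distrust list, and the sample chain (including the "Rogue Sub-CA" record and its dates) is constructed for the example and is not the researchers' certificate.

```python
"""Chain-policy checks of the kind the reply above says many applications skip.

Added example, not from the mailing-list thread. Certificates are modelled as
small records (no DER parsing) so the policy logic itself is visible; the
sample chain below is constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet, List, Optional

# Signature-algorithm OIDs built on collision-prone digests. A verifier that
# "explicitly distrusts (all) MD5 signed certificates" refuses these on every
# certificate whose signature it checks, i.e. everything below the trust anchor.
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.3": "md4WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}
SHA256_RSA = "1.2.840.113549.1.1.11"
MD5_RSA = "1.2.840.113549.1.1.4"


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass
class Cert:
    subject: str
    issuer: str
    sig_oid: str                     # algorithm the issuer used to sign this cert
    not_before: datetime
    not_after: datetime
    is_ca: bool = False              # basicConstraints cA
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint
    fingerprint: str = ""            # hypothetical id used for explicit distrust


def check_chain(chain: List[Cert], anchor: Cert, now: datetime,
                distrusted: FrozenSet[str] = frozenset()) -> List[str]:
    """chain[0] is the leaf, chain[-1] is issued by the trust anchor.

    Returns a list of policy violations; an empty list means the chain passes.
    """
    problems: List[str] = []
    full = chain + [anchor]
    for i, cert in enumerate(full):
        # Pre-loaded distrust: catches a known-bad cert even if it would
        # otherwise pass every other check.
        if cert.fingerprint and cert.fingerprint in distrusted:
            problems.append(f"{cert.subject}: explicitly distrusted")
        # Time constraints apply to every certificate, anchor included.
        if not (cert.not_before <= now <= cert.not_after):
            problems.append(f"{cert.subject}: outside validity period")
        if i == len(chain):
            break  # the anchor's own signature is never verified
        if cert.sig_oid in WEAK_SIG_OIDS:
            problems.append(f"{cert.subject}: signed with {WEAK_SIG_OIDS[cert.sig_oid]}")
        issuer = full[i + 1]
        if cert.issuer != issuer.subject:
            problems.append(f"{cert.subject}: issuer name does not match {issuer.subject}")
        if not issuer.is_ca:
            problems.append(f"{cert.subject}: issuer {issuer.subject} is not a CA")
        # The issuer sits at index i+1; the CA certificates below it are at
        # indices 1..i, so exactly i intermediates must fit under its pathLen.
        if issuer.path_len is not None and i > issuer.path_len:
            problems.append(f"{cert.subject}: issuer {issuer.subject} pathLenConstraint exceeded")
    return problems


# Constructed sample data (not real certificates).
ROOT = Cert("Root CA", "Root CA", SHA256_RSA, utc(2000, 1, 1), utc(2030, 1, 1),
            is_ca=True, fingerprint="root")
ROGUE_SUB_CA = Cert("Rogue Sub-CA", "Root CA", MD5_RSA, utc(2010, 1, 1), utc(2020, 1, 1),
                    is_ca=True, fingerprint="rogue-sub-ca")
GOOD_SUB_CA = Cert("Good Sub-CA", "Root CA", SHA256_RSA, utc(2010, 1, 1), utc(2020, 1, 1),
                   is_ca=True, path_len=0, fingerprint="good-sub-ca")
LEAF_VIA_ROGUE = Cert("www.example.com", "Rogue Sub-CA", SHA256_RSA, utc(2013, 1, 1), utc(2016, 1, 1))
LEAF_VIA_GOOD = Cert("www.example.com", "Good Sub-CA", SHA256_RSA, utc(2013, 1, 1), utc(2016, 1, 1))
NOW = utc(2014, 1, 1)

if __name__ == "__main__":
    for label, chain in (("rogue", [LEAF_VIA_ROGUE, ROGUE_SUB_CA]),
                         ("good", [LEAF_VIA_GOOD, GOOD_SUB_CA])):
        print(label, check_chain(chain, ROOT, NOW) or "OK")
```

The MD5 check is deliberately applied to every certificate below the anchor rather than only to the leaf: a sub-CA certificate is exactly where a forged signature sits in the scenario under discussion, and a verifier that only inspects the leaf's own signature algorithm would accept a sha256-signed leaf issued by an md5-signed intermediate.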