> On 2 Jan 2014 at 22:57, Phillip Hallam-Baker <[email protected]> wrote:
>
>> On Thu, Jan 2, 2014 at 4:00 PM, Leif Johansson <[email protected]> wrote:
>>
>> On 2 Jan 2014 at 21:25, Phillip Hallam-Baker <[email protected]> wrote:
>>
>>>> > Please don't overstate the results of
>>>> > the excellent research that you did; doing so diminishes the
>>>> > research.
>>>>
>>>> I'm not overstating anything. I think you don't understand what we
>>>> actually did if you think that later, patching things will somehow
>>>> magically stop previously successful attacks...
>>>
>>> You are confusing people by using a valid attack against the algorithm to
>>> argue against the trust model. PKIX is designed on the assumption that the
>>> digest algorithm chosen is secure against a second preimage attack.
>>
>> The fundamental flaw in the pkix trust model is that there is no deployable
>> mechanism for limiting the impact of such an attack.
>>
>> That realization should inform future design and that bit is certainly on
>> topic ;-)
>
> It is on topic but not limited to PKIX.
>
> We have since learned that algorithm agility is not quite the security
> benefit we once thought as the security of the system is determined by the
> weakest algorithm you support, not the strongest one you implement.
>

A trust model based on shorter-time-to-live keys would have limited the impact too.

> Problem is that I can't see a way to really control this type of attack
> without a very considerable cost in usability and I think it would constrain
> other defenses.
>
> Anyone using Windows XP in the Enterprise for any purpose other than finding
> viruses is guilty of security malpractice at this point. It is an obsolete OS
> that would have been at EOL if lazy sysadmins hadn't begged to keep it.
>
> My current solution in my email project is to attempt to require SHA512 for
> all certificates. But I am not sure that is actually sustainable.
>
> --
> Website: http://hallambaker.com/
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
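Added example, not part of the thread or of any project mentioned in it: a relying-party policy check combining the two measures discussed above, a digest allow-list (here SHA-512 only) and a cap on certificate lifetime, and showing why an accept set is only as strong as its weakest member. The chain records, the 90-day cap and the function names are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# signatureAlgorithm OIDs (PKCS#1 v1.5 RSA) mapped to the digest they rely on
SIG_OIDS = {"1.2.840.113549.1.1.4": "md5", "1.2.840.113549.1.1.5": "sha1",
            "1.2.840.113549.1.1.11": "sha256", "1.2.840.113549.1.1.13": "sha512"}
RANK = {"md5": 0, "sha1": 1, "sha256": 2, "sha512": 3}  # weakest to strongest

def oid_from_algid(der: bytes) -> str:
    """Decode the OID of a DER AlgorithmIdentifier: SEQUENCE { OID, params }."""
    if len(der) < 5 or der[0] != 0x30 or der[2] != 0x06:
        raise ValueError("expected a short-form SEQUENCE starting with an OID")
    body = der[4:4 + der[3]]
    if not body or len(body) != der[3]:
        raise ValueError("truncated OID")
    first = min(body[0] // 40, 2)           # first byte packs the first two arcs
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:                      # base-128, high bit means "more follows"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def effective_floor(accepted):
    """The forger picks the algorithm, so an accept set is as strong as its weakest member."""
    return min(accepted, key=RANK.__getitem__)

def check_chain(chain, allowed, max_life):
    """chain: (name, algid_der, not_before, not_after) per certificate, trust anchor excluded."""
    problems = []
    for name, algid, nb, na in chain:
        digest = SIG_OIDS.get(oid_from_algid(algid))   # None for unknown OIDs
        if digest not in allowed:
            problems.append(f"{name}: digest {digest} not allowed")
        if na - nb > max_life:
            problems.append(f"{name}: lifetime {(na - nb).days}d exceeds {max_life.days}d")
    return problems

def _algid(last_arc_hex):   # constructed sample: RSA AlgorithmIdentifier with NULL params
    return bytes.fromhex("300d06092a864886f70d0101" + last_arc_hex + "0500")

SAMPLE_CHAIN = [   # constructed records, not real certificates
    ("leaf", _algid("0d"), datetime(2014, 1, 1), datetime(2014, 3, 1)),
    ("intermediate", _algid("05"), datetime(2010, 1, 1), datetime(2020, 1, 1)),
]

if __name__ == "__main__":
    print(effective_floor({"md5", "sha256", "sha512"}))
    for p in check_chain(SAMPLE_CHAIN, {"sha512"}, timedelta(days=90)):
        print(p)
```

The SHA-512 leaf passes on its own, but the chain is still rejected because the intermediate is SHA-1 signed and long-lived, which is the deployment cost the message above alludes to.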
