[nycbug-talk] [ccc related] MD5 considered harmful today

[csnyder]

On Wed, Dec 31, 2008 at 9:40 AM, Dan Colish <dcolish at gmail.com> wrote:

> This whole issue made me curious about what root CA's I had in Firefox,
> remember these are hard coded in. Well it turns out that you absolutely
> cannot remove them from your system. Also, as it has been pointed out, a CRL
> for a CA that is cracked would be pointless. The only approach I see is to
> modify the trust given to the CA's that are know to be broken. If you check,
> you'll see the Firefox has not accepted certs signed by a number of MD5 CAs.
> So I'm not sure this is really an issue if you are careful about CA
> management. Also, if you read the paper, actually creating the fake Root CA
> can take months due to timing issues and a fairly decent computing cluster
> (200 ps3's). This is hardly the same level of oops as the Kandinsky DNS bug.

It's amazing just how helpless we are against the dumbing-down of TLS
by browser vendors.

- There is no known_hosts store
- it's difficult to get at the fingerprint value of a new certificate.
(4 clicks in FF, when it could be displayed up front, the bastards)
- You have to opt-out of lazy CAs rather than opting-in to trusted ones.
- No description of CAs or published rationale for inclusion, link to
audit or certification, etc.

I suppose that if someone is going to take the time to find a hash
collision for a CA signature and hijack DNS, they would also take the
time to find a fingerprint collision for the certificate... but at
least it's another layer.

Could we just start the internet over, but not tell Verisign this time?