[nycbug-talk] [ccc related] MD5 considered harmful today

csnyder chsnyder at gmail.com
Tue Jan 6 09:55:44 EST 2009

On Wed, Dec 31, 2008 at 9:40 AM, Dan Colish <dcolish at gmail.com> wrote:

> This whole issue made me curious about what root CAs I had in Firefox,
> remember these are hard coded in. Well it turns out that you absolutely
> cannot remove them from your system. Also, as it has been pointed out, a CRL
> for a CA that is cracked would be pointless. The only approach I see is to
> modify the trust given to the CAs that are known to be broken. If you check,
> you'll see that Firefox has not accepted certs signed by a number of MD5 CAs.
> So I'm not sure this is really an issue if you are careful about CA
> management. Also, if you read the paper, actually creating the fake Root CA
> can take months due to timing issues and a fairly decent computing cluster
> (200 PS3s). This is hardly the same level of oops as the Kandinsky DNS bug.

It's amazing just how helpless we are against the dumbing-down of TLS
by browser vendors.

- There is no known_hosts store.
- It's difficult to get at the fingerprint value of a new certificate.
  (4 clicks in FF, when it could be displayed up front, the bastards)
- You have to opt-out of lazy CAs rather than opting-in to trusted ones.
- No description of CAs or published rationale for inclusion, link to
  audit or certification, etc.

I suppose that if someone is going to take the time to find a hash
collision for a CA signature and hijack DNS, they would also take the
time to find a fingerprint collision for the certificate... but at
least it's another layer.

Could we just start the internet over, but not tell Verisign this time?
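
The known_hosts-style store and up-front fingerprint that the message above asks for, sketched as a trust-on-first-use check. This is an added example, not part of the original post; the JSON store format, the file name, the function names and the choice of SHA-256 for the fingerprint are assumptions.

```python
import hashlib
import json
import os
import ssl
import tempfile


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_host(store_path: str, host: str, port: int, der: bytes) -> str:
    """Trust-on-first-use check, in the spirit of ssh's known_hosts.

    Returns "new" (pin recorded), "match", or "mismatch" (pin is kept, never
    silently overwritten, so a changed certificate needs a human decision).
    """
    store = {}
    if os.path.exists(store_path):
        with open(store_path) as fh:
            store = json.load(fh)
    key = f"{host}:{port}"
    seen = fingerprint(der)
    pinned = store.get(key)
    if pinned is None:
        store[key] = seen
        with open(store_path, "w") as fh:
            json.dump(store, fh, indent=2, sort_keys=True)
        return "new"
    return "match" if pinned == seen else "mismatch"


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate without CA validation (needs network)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def demo() -> list:
    # Constructed stand-ins for DER certificates; real input comes from fetch_der().
    cert_a, cert_b = b"constructed-certificate-A", b"constructed-certificate-B"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "known_tls_hosts.json")  # hypothetical store file
        return [check_host(path, "www.example.com", 443, c)
                for c in (cert_a, cert_a, cert_b)]  # first contact, same, changed


if __name__ == "__main__":
    print(demo())
```

Because the pin is on the certificate itself, a certificate issued for the same name by a different CA shows up as a mismatch even when the browser's CA check would pass.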
