[cabfpub] A better way to do SHA-1 legacy
Erwann Abalea
Erwann.Abalea at docusign.com
Tue Jul 19 16:59:26 UTC 2016
The attacker can tweak the public key and obtain a resulting tbsCert until a set of attacker-defined conditions is met. He doesn’t need to interact with anybody for that, and we don’t know what kind of « attacker-defined conditions » is acceptable.
In my view, it’s a regression from the current scheme.
Regards,
Erwann Abalea
> On 19 Jul 2016 at 16:53, Gervase Markham <gerv at mozilla.org> wrote:
>
> On 19/07/16 15:44, Erwann Abalea wrote:
>> There’s no need to collide SHA2 with this scheme.
>> The attacker can know in advance what the serial number will be; it may
>> not be sequential, but is nevertheless predictable. So the attacker
>
> But the attacker can only know the serial number when the entire
> remainder of the certificate is fixed. So how can they tweak it to
> enable the attack? If they tweak it, the serial number changes.
>
> Gerv
>
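To make the point of the exchange concrete, here is an added illustration (not code from the thread or from any CA's implementation) of a serial number derived deterministically from the rest of the tbsCertificate. It assumes a constructed stand-in for the fixed fields and SHA-256 truncated to 64 bits as the derivation; the only varying input is the requester-controlled key bytes, so the requester can compute the serial offline and keep regenerating keys until it meets a chosen predicate, whereas a serial drawn by the CA from a CSPRNG gives no such control.

```python
import hashlib
import os

# Constructed stand-in for the tbsCertificate fields other than the serial
# (issuer, validity, subject, extensions). Real DER is not needed for the point.
FIXED_TBS_FIELDS = b"issuer=Example CA|validity=2016-2017|subject=example.test|exts=..."


def derived_serial(public_key: bytes, fixed_fields: bytes = FIXED_TBS_FIELDS, nbits: int = 64) -> int:
    """Serial computed from the remainder of the certificate (assumed construction:
    SHA-256 over the fixed fields and the key, truncated to nbits).
    Anyone who knows all inputs, including the requester, can compute it in advance."""
    digest = hashlib.sha256(fixed_fields + public_key).digest()
    return int.from_bytes(digest[: nbits // 8], "big")


def random_serial(nbits: int = 64) -> int:
    """CA-side serial drawn from a CSPRNG: the requester cannot predict or steer it."""
    return int.from_bytes(os.urandom(nbits // 8), "big")


def steer_serial(predicate, max_tries: int = 1 << 16):
    """Vary only the requester-controlled key bytes until the derived serial
    satisfies `predicate`. Returns (tries, key, serial), or None if not found.
    No interaction with the CA is needed for this search."""
    for i in range(max_tries):
        # Constructed: a counter stands in for generating a fresh key pair each round.
        key = b"fake-spki-" + i.to_bytes(4, "big")
        serial = derived_serial(key)
        if predicate(serial):
            return i + 1, key, serial
    return None


def top_byte_is_zero(serial: int) -> bool:
    """Example predicate: 8 fixed bits of the 64-bit serial, about 256 tries on average."""
    return (serial >> 56) == 0


if __name__ == "__main__":
    found = steer_serial(top_byte_is_zero)
    print("derived serial steered after", found[0], "key changes:", hex(found[2]))
    print("random serial (not steerable):", hex(random_serial()))
```

The search cost scales with the number of serial bits the predicate fixes, which is why the thread asks what conditions are acceptable.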