[cabfpub] SHA-1 Collision Found

Eric Mill eric at konklone.com
Fri Feb 24 17:56:43 UTC 2017


On Fri, Feb 24, 2017 at 12:11 PM, philliph at comodo.com <philliph at comodo.com>
wrote:

>
> On Feb 24, 2017, at 11:38 AM, Eric Mill <eric at konklone.com> wrote:
>
> On Fri, Feb 24, 2017 at 10:46 AM, philliph at comodo.com <philliph at comodo.com>
> wrote:
>
>>
>> You are misrepresenting what I am saying. Do not put words in my mouth
>> again. You do not speak for me. Only I speak for me.
>>
>> Is that totally clear?
>>
>
> It's clear, but not relevant. As best as I can tell, it is an accurate
> representation of what you said, and nothing in the rest of your message
> indicated otherwise.
>
>
> You are not me, you will not speak for me. Not now, not ever.
>
> Your interpretation was wrong.
>
> The White House is looking for a new press spokesperson I hear.
>

Consider explaining why the interpretation was wrong, as you've yet to
contradict it. Again, you said "Things have to break before some people
will act. Which is why I consider the proposal to further reduce validity
intervals to provide more procrastination time positively harmful."

I'm saying that that is equivalent to saying that it's better to keep
long-lived certs around, so that the heightened damage their misissuance
would do will increase the motivation of CAs/browsers to deprecate weaker
algorithms.

I am making that statement to draw attention to the fallacy that underlies
this line of criticism.

> I think that it is entirely reasonable to point out that the WebPKI is not
> a science project that individuals can adapt to their own whims no matter
> who they happen to be working for at the time.
>

It's reasonable to point it out, but it's not useful. If the grand original
design of the Web PKI turns out to have flaws in it that don't work in
practice on the real internet, that would put it in the same category as
many other important internet systems and protocols that have had to change
in serious ways over time.


> Expiration will remove a compromised certificate from being used in an
> attack, whether or not any human is aware of the compromise.
>
>
> But will not prevent the malefactor being issued a new one. Because in
> your attack scenario, no CA would have reason not to re-issue.
>
> It is very easy to devise attack scenarios in which a failure occurs. But
> they have no real significance unless you can show that your proposed
> course of action results in a different outcome.
>
> This scenario does not.
>

If all you care about is getting phishing domains revoked by CAs, sure,
expiration doesn't help with that. That's not the only kind of attack that
exists, and the question of whether CAs should be required to revoke
phishing certificates is a very different discussion that shouldn't be
entangled with whether or not reducing certificate lifetimes improves
security.

Again, have you looked at the full range of the relying party ecosystem and
measured support for expiration vs revocation? That's not to mention the
gap in understanding of expiration vs revocation among the slice of the
technical community that makes security/engineering decisions in various
libraries and applications. The difference in complexity of the two
features is enormous.

-- Eric


-- 
konklone.com | @konklone <https://twitter.com/konklone>