Erik Tews writes:
> At least 3 major webbrowsers on the market are shipped by default with
> CA certificates, which have signed other intermediate CAs which use
> rsa1024 with exponent 3, in their current version. With this exploit,
> you can now sign arbitrary server certificates for any website of your
> choice, which are accepted by all 3 webbrowsers without any kind of
> ssl-warning-message.

Is that true? Did you try all 3 web browsers to see that they don't give
a warning message? It's not enough that they accept a CA with exponent
3, they also have to have the flaw in verification that lets the bogus
signature through.

If it is true, if three different widely used webbrowsers are all
vulnerable to this attack, it suggests a possible problem due to the
establishment of a cryptographic monoculture. If it turns out that
the same cryptographic library is used in all three of these browsers,
and that library has the flaw, then this reliance on a single source
for cryptographic technology could be a mistake.

Now in practice I don't think that Internet Explorer and Mozilla/Firefox
use the same crypto libraries, so either these are not two of the three,
or else they have independently made the same error. It would be nice
to know which it is.

Hal Finney
---------------------------------------------------------------------
The Cryptography Mailing List