On Feb 25, 2017, at 17:44, Jimmy Hess <mysidia@gmail.com> wrote:

> On Thu, Feb 23, 2017 at 2:03 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
>
>> For instance, someone cannot take Verisign’s root cert and create a cert which collides on SHA-1. Or at least we do not think they can. We’ll know in 90 days when Google releases the code.
>
> Maybe. If you assume that no SHA attack was known to anybody at the time the Verisign cert was originally created, and that the process used to originally create Verisign's root cert was not tainted to leverage such an attack.
>
> If it was tainted, then maybe there's another version of the certificate that was constructed with a different Subject name and Subject public key, but the same SHA1 hash, and the same Issuer Name and the same Issuer Public Key.

I repeat something I've said a couple of times in this thread: If I can somehow create two docs with the same hash, and somehow con someone into using one of them, chances are there are bigger problems than a SHA1 hash collision. If you assume I could somehow get Verisign to use a cert I created to match another cert with the same hash, why in the hell would that matter? I HAVE THE ONE VERISIGN IS USING. Game over.

Valdis came up with a possible use of such documents. While I do not think there is zero utility in those instances, they are pretty small vectors compared to, say, having a root cert at a major CA.

--
TTFN,
patrick