[193826] in North American Network Operators' Group
Re: SHA1 collisions proven possisble
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Sat Feb 25 17:44:39 2017
X-Original-To: nanog@nanog.org
In-Reply-To: <EBD013B2-5045-46FF-8CBB-61B38EC09A36@ianai.net>
From: Jimmy Hess <mysidia@gmail.com>
Date: Sat, 25 Feb 2017 16:44:13 -0600
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, Feb 23, 2017 at 2:03 PM, Patrick W. Gilmore <patrick@ianai.net> wro=
te:
> For instance, someone cannot take Verisign=E2=80=99s root cert and create=
a cert which collides
> on SHA-1. Or at least we do not think they can. We=E2=80=99ll know in 90 =
days when
> Google releases the code.
Maybe. If you assume that no SHA attack was known to anybody at the
time the Verisign
cert was originally created, And that the process used to originally
create Verisign's root cert
was not tainted to leverage such attack.
If it was tainted, then maybe there's another version of the
certificate that was constructed
with a different Subject name and Subject public key, but the same
SHA1 hash, and same Issuer Name and same Issuer Public Key.
> --
> TTFN,
--
-JH
