[127582] in cryptography@c2.net mail archive
Re: Strength in Complexity?
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Jul 7 10:38:07 2008
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: paul.hoffman@vpnc.org, pgut001@cs.auckland.ac.nz
Cc: cryptography@metzdowd.com
In-Reply-To: <p0624080ec49561145055@[10.20.30.162]>
Date: Mon, 07 Jul 2008 21:07:15 +1200
Paul Hoffman <paul.hoffman@vpnc.org> end:
>Wrong. There is no requirement to "ignore everything else in the
>cert". There is simply no requirement to use that material.
I suspect we're in violent agreement over this, just from two different
persepectives. From a security threat-modelling view I have to look at what
the worst is that can happen if I deploy a cert (or whatever else it is I'm
deplying). Since the spec says that an implementation is free to ignore every
single extension in a trust anchor/root cert then I have to assume that no
extension I put in a root cert will ever be enforced (it *might* be, but it's
not safe to rely on it). From an optimist's point of view the spec is
guaranteeing that extensions will be enforced. From a paranoid security
person's point of view the spec is guaranteeing that no extensions will be
enforced. I'm in the latter camp.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
