[110371] in North American Network Operators' Group
Re: Security team successfully cracks SSL using 200 PS3's and MD5
daemon@ATHENA.MIT.EDU (Brian Keefer)
Sun Jan 4 16:02:27 2009
From: Brian Keefer <chort@smtps.net>
To: Joe Greco <jgreco@ns.sol.net>
In-Reply-To: <200901042005.n04K5iA4044524@aurora.sol.net>
Date: Sun, 4 Jan 2009 13:02:06 -0800
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Jan 4, 2009, at 12:05 PM, Joe Greco wrote:
>
> The opinions on whether or not it is necessary to replace certs seem to
> vary depending on whose opinion you're listening to, but a relatively safe
> rule of thumb for this sort of security issue is to take the path that is
> most likely to avoid risk, which would seem to be replacing certs. To the
> extent that VeriSign is already doing this, it would seem that there is a
> certain level of agreement with that assessment.
>

I would attribute that much more to a desire to avoid the risk of bad
PR, rather than the risk that it's possible to clone existing certs.
"SSL is cracked, VeriSign to blame!" was pretty much the top security
story for several days. They had to do something to turn around the
perception, despite accurate analysis and publications by
organizations such as Microsoft. Perception is reality, and
regardless of the technical merits, a significant number of people
seemed to believe that any certificates that mentioned MD5 anywhere in
them are at risk of some unknown, but really scary Badness(tm).

I agree with VeriSign that offering to reissue certs is the smartest
business decision they can make, considering their tagline is "The
Value of Trust". I disagree that it was technically necessary.
Reissuing existing certificates signed by MD5 accomplishes nothing.
Participation is voluntary, so if someone had managed to create a
rogue CA, they certainly would not voluntarily destroy it by having
their cert reissued! Technically the only thing necessary to prevent
this attack has already been done, and that is to stop issuing certs
signed with MD5 so that no one else can create a rogue CA via this
means.

If they truly believed that there was a risk anyone else had done this
already, they would need to revoke the CA cert, i.e. every vendor who
shipped their CA cert in the default trusted issuer bundle would need
to remove or invalidate it with a software update, but that would
break _all_ the valid certificates signed by the CA. In order to do
that, they would need to proactively contact every customer with a
valid cert to make sure they were updated. What percentage of their
customers do you think they would be able to reach (haven't changed
contact information, etc.)? How many application vendors would
actually remove the old CA and add the new one in a timely manner?
How many of those vendors' customers would actually upgrade to the new
version?

So they've done what they need to in order to prevent future exploits,
and obviously they aren't that worried that the exploit has actually
been performed maliciously in the past. Offering to reissue existing
certs is a PR smokescreen (although a necessary one).

I think there's a huge fundamental misunderstanding. It seems that
the popular belief is that it's possible to use an existing MD5
signature for any evil bits that you choose, which is not the case.
The actual exploit in this case is the ability to "unlock" a normal
certificate to make it a CA certificate. Of course phrasing it that
way wouldn't be quite so sensational (and wouldn't have accomplished
the researcher's goal of raising awareness to the weakness of MD5), so
now we have mass misperception, which has become reality since
anything that is published is automatically true.

I'm not saying it's bad that people are shying away from MD5, I just
like to be accurate.

In any case, it has spawned some healthy discussions so I would say it
was worthwhile.

--
bk
CA cert: http://www.smtps.net/pub/smtps-dot-net-ca-2.pem