[193845] in North American Network Operators' Group
Re: SHA1 collisions proven possisble
daemon@ATHENA.MIT.EDU (valdis.kletnieks@vt.edu)
Mon Feb 27 04:14:49 2017
X-Original-To: nanog@nanog.org
From: valdis.kletnieks@vt.edu
X-Google-Original-From: Valdis.Kletnieks@vt.edu
To: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <9989A639-F2F6-4FED-8FD9-9F648128530C@ianai.net>
Date: Mon, 27 Feb 2017 04:14:38 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1488186878_195168P
Content-Type: text/plain; charset=us-ascii
On Mon, 27 Feb 2017 01:15:28 -0500, "Patrick W. Gilmore" said:
> In the example above, the CA knows the SHA-1 hash of the cert it issued. (We
> are assuming there is a CA which still does SHA-1.) How do you get that CA to
> believe the two OTHER certs with DIFFERENT hashes you have to create so you
> can have two docs with the same hash?
There's only 2 certs. You generate 2 certs with the same hash, and *then* get
the CA to sign one of them.
--==_Exmh_1488186878_195168P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Comment: Exmh version 2.5 07/13/2001
iQEVAwUBWLPt/o0DS38y7CIcAQLXZQf/e26IzLdMbCpBwQXcqwtZHYACyXAz4Myi
3CBBlTzCkfrytiGpD4OLGrj7n/lyTICHl3MDeNlm6gKf8gTm/78XETONKW4jm8dE
sZ/kLMuGVSObiw9aopJlo0bcBExaNWxuNnAoco0FzIHv+bLnHgX0KPxLC3DfMLQR
8v1sVKKUPn3U3JWsaD6QQ/shGkZ1HAERGfpVDpMaaI3l30ls9GSJAmLlxKr5skIq
a8SVbv6YyXcPkxG+ATmSrgwTTgFmuqCSSDMl1OgBO1rv4wQwY3bi+G1JltMnDqFh
fz7MhHljUayTYd3CArkP6paeO4DiiomQlj2bT7l3XzkNhaJnTnO9OA==
=lKbC
-----END PGP SIGNATURE-----
--==_Exmh_1488186878_195168P--
