[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Florian Weimer
fw at deneb.enyo.de
Mon Sep 5 10:18:09 PDT 2011
* Gervase Markham:
> Hi Peter,
>
> On 04/09/11 07:15, Peter Gutmann wrote:
>> Blacklist-based validity checking, the Second Dumbest Idea in Computer
>> Security (Marcus Ranum), doesn't work:
>>
>> Diginotar issued certs for which there was no record of issuance, therefore
>> they couldn't be revoked. Whitelist-based checking would have prevented
>> this.
>
> Surely OCSP is whitelist-based checking? (I can't imagine engineering an
> OCSP server which, when asked about a certificate for which it had no
> record, said "Fine, no problem!")
OCSP has been designed not to be able to detect covertly issued
certificates:
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
The request is not tied to a particular subject DN, so any covertly
issued certificate whose serial number collides with a valid
certificate will appear valid, too.
More information about the Observatory
mailing list