Re: response to CCC CA attack paper?
> Both root certs will never be included in any mainline browsers, so it
> is not a big issue.
Well, there are a few million computers out there that have the CAcert
root certificate, but since the existing certificates aren't usable
with the current attack vector, this shouldn't be a problem.
The problem we have is our class 3 intermediate certificate, which is
using MD5, and is being warned about by the new extensions, since it
can't be differentiated from a rogue CA.
Our class1 root certificate is not a problem.
> There is no cert expiration relief: once the certificate is MD5
> hashed, RSA signed by the class1 root cert, you can change any data in
> the certificate, so you can make an old expired certificate look
> brand new (AFAIK).
Not with the current attack, but potentially with strongly improved attacks.
As far as I know, there are no second-preimage attacks known against MD5
yet, so old certificates are safe for now.
I expect a complete breach of MD5 in 3-5 years, perhaps even much later.
> The new root certificates are SHA1 hashed : we will need to replace the
> subroot certificates when Mozilla & MS have added SHA-2 in mainline.