

Verisign/RapidSSL Responds To Certificate Vulnerability - tptacek
https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php

======
tokenadult
"We applaud security research of this sort and are glad that white hats like
the "MD5 Collision Inc." group make a point of investigating online security.
This group went to great lengths to keep its findings private, and
unfortunately that included ensuring that VeriSign did not receive any of this
information ahead of the actual presentation, rendering it impossible for us
to begin work on mitigating this issue prior to this morning. So I'll caution
you that these responses are preliminary, and if it turns out that any of the
information we've received is inaccurate, my responses may change."

I really like this, especially the last sentence. That's refreshingly direct
communication.

------
brl
"Q: How many certificates are affected?

A: Zero. No end entity certificates are affected by this attack. The attack,
when it worked, was a potential method for a criminal to create a new, false
certificate from scratch. Existing certificates are not targets for this
attack."

This answer seems a little bit, well, disingenuous. Does he not understand the
attack or does he not understand SSL?

~~~
catch23
I believe the answer for that question was actually pulled from the MD5 paper
itself. See here:

<http://www.win.tue.nl/hashclash/rogue-ca/>

Scroll to the bottom in the question/answer section. It's interesting they
only used 200 PS3 game consoles to do their computations with.

~~~
brl
In the paper itself, they reach the opposite conclusion:

"Question. Suppose that a criminal creates by our method his own rogue
Certification Authority that is trusted by all browsers. Are then only
websites with certificates from the CA whose signature he used vulnerable to
impersonation attacks? Are only websites with certificates based on MD5
vulnerable to impersonation attacks?

Answer. No. When a criminal uses redirection attacks in combination with a
rogue but trusted CA certificate, all websites are equally vulnerable."

------
tptacek
(Thanks to gojomo for finding this).

Gotta admit, a solid response.

~~~
cscott
Yes, they're taking a page out of Microsoft's playbook by using a blog post to
respond in more detail to a security vulnerability. When executed well, it
mollifies critics much better than the press release style of communication
due to its appearance of informality.

That being said, I would have liked for them to say that they've reviewed
their logs and saw no other issuance activity that followed the same pattern
as the researchers, and that they will improve their operational monitoring
and serial number sequencing to help protect against future potential attacks.

~~~
tptacek
They basically sucked all the drama right out of it, which seems like exactly
the right play.

