[Servercert-wg] Updating BR 6.1.1.3

Corey Bonnell CBonnell at securetrust.com
Fri Apr 17 11:50:19 MST 2020


> Currently, we have in the BRs an expectation that you implement an algorithm, which in pseudo-code is something like:
>
> function isDebianWeak(key) {
>   for architecture in (le32, le64, be32) {
>     for pid in (0...32767) {
>       if (key == debian_key(architecture, pid, length(key), exponent(key))) {
>         return true;
>       }
>     }
>   }
>   return false;
> }

As stated in my previous messages, you need to check for all 11 platforms supported by Debian at the time of the vulnerability to have a complete check and faithful implementation of the algorithm. So even if CAs limit the set of accepted key sizes and exponents, there is still the difficult hurdle to overcome of enumerating all 11 platforms, especially since many of them are moribund. In other words, iterating over "be32", "le32", and "le64" is imprecise and incomplete; you need to iterate over all 11. The presentation you linked to in the previous email stated as such on slide 11 ("… and each platform (x86,x64,PPC,…)"). As time goes on and this antiquated hardware becomes increasingly rare, this will be an increasingly onerous requirement for incumbent -- and especially new -- CAs.

Thanks,
Corey
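
The completeness point in the message above, as an added example that is not part of the original thread or of any CA's code: the quoted loop restructured into a one-time enumeration with constant-time lookups, plus a check for platforms the enumeration never covered. `toy_debian_key` is a constructed stand-in for the pseudocode's `debian_key` (the real keys can only be produced by the affected OpenSSL build on each platform), the `platform-NN` labels are placeholders, and the code assumes, as the message argues, that each platform yields its own key set.

```python
import hashlib
from typing import Callable, Dict, Iterable, List, Optional, Tuple

Key = Tuple[int, int]                           # (modulus, public exponent)
Generator = Callable[[str, int, int, int], Key]  # (platform, pid, bits, e) -> key
Origin = Tuple[str, int]                        # (platform, pid) that produced a key

def fingerprint(key: Key) -> bytes:
    """Fixed-size lookup handle for a public key."""
    n, e = key
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).digest()

def build_index(gen: Generator, platforms: Iterable[str], bits: int, e: int,
                pids: Iterable[int] = range(32768)) -> Dict[bytes, Origin]:
    """Run the enumeration from the pseudocode once and index every result."""
    pid_list = list(pids)
    return {fingerprint(gen(p, pid, bits, e)): (p, pid)
            for p in platforms for pid in pid_list}

def is_debian_weak(index: Dict[bytes, Origin], key: Key) -> Optional[Origin]:
    """Return the (platform, pid) that generates this key, or None if not indexed."""
    return index.get(fingerprint(key))

def coverage_gap(required: Iterable[str], enumerated: Iterable[str]) -> List[str]:
    """Platforms the check must cover but the enumeration skipped."""
    return sorted(set(required) - set(enumerated))

def toy_debian_key(platform: str, pid: int, bits: int, e: int) -> Key:
    """Constructed stand-in: deterministic per (platform, pid, bits, e).
    This is NOT the Debian OpenSSL PRNG and does not produce real weak keys."""
    seed = f"{platform}/{pid}/{bits}/{e}".encode()
    n = int.from_bytes(hashlib.shake_256(seed).digest(bits // 8), "big") | 1
    return n, e

REQUIRED = [f"platform-{i:02d}" for i in range(1, 12)]  # 11 placeholder labels
PARTIAL = REQUIRED[:3]                                  # a three-platform enumeration

def demo(pids: Iterable[int] = range(32768), pid: int = 4242):
    """Look up one key from an uncovered platform in both indexes."""
    pid_list = list(pids)
    full = build_index(toy_debian_key, REQUIRED, 2048, 65537, pid_list)
    partial = build_index(toy_debian_key, PARTIAL, 2048, 65537, pid_list)
    key = toy_debian_key("platform-07", pid, 2048, 65537)
    return (is_debian_weak(full, key), is_debian_weak(partial, key),
            coverage_gap(REQUIRED, PARTIAL))

if __name__ == "__main__":
    print(demo())
```

One index is needed per accepted (key size, exponent) pair, so limiting those shrinks the work per platform but not the number of platforms that have to be enumerated.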
