Thomas,

Thank you. You stated my concerns much better than I did.

Please respond to openssl-users@openssl.org
Sent by: owner-openssl-us...@openssl.org
To: openssl-users@openssl.org
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: Re: Interesting article

Kyle Hamilton wrote:
> The fact that root certificates are NEVER trusted, under X.509, unless
> they're already in the client store (or are added as a specific
> security exception). These are a special class of certificates called
> "trust anchors" (technically, the trust anchor is the public key; the
> certificate is the thing that holds metadata, including the
> subjectKeyIdentifier, which is used in certificates signed by it to
> uniquely identify the signing key).
>
> (You get root CAs from places like Microsoft, Mozilla, Apple, Opera,
> and your OS distribution vendor.)
>
> The reason why it's very difficult to forge a certificate from a root
> CA is due to the mathematics behind asymmetric cryptography. Please
> see a book called "Applied Cryptography 2nd Edition", by Schneier, for
> a very good introduction to the concept and a discussion of how
> unlikely it is.
>
> -Kyle H

I'm pretty sure Dan is asking if it is possible to recreate the private key that generated the public key that is already in the certificate store (i.e. something you already trust). Everyone here seems to be assuming that he meant creating a new root CA.

Issuers re-issue signed keys every year for "security purposes", but if *I* were some ridiculously-brilliant hacker with unlimited processing resources and I were targeting a key to break, I would skip that and go for the Big Enchilada: A key already in the trusted certificate store on every user's machine and in every major browser. With a duplicate private key (e.g. Verisign's CA _private_ key), I could theoretically generate any key for any domain I want to intercept/monitor transactions for. The additional benefit that most CAs in the certificate store are good until 2038 instead of a single year only helps further the benefit of targeting such a key.

Probably impossible.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.

http://www.slproweb.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
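
Added example, not part of the original thread: the trust-anchor point above shown with the openssl CLI. A leaf's authorityKeyIdentifier matches the subjectKeyIdentifier of the root that signed it, and a second root with the same subject name but a different key does not validate the leaf. All names, file names and the config are constructed for illustration; it assumes OpenSSL 1.1.1 or later.

```shell
# Constructed demo: trust follows the root's key, not the name in its certificate.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Example Root
[v3_ca]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
[v3_leaf]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF

# make_root NAME: self-signed root, same subject name every time, fresh key pair.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$work/ca.cnf" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# make_leaf ROOT: certificate for leaf.example signed with ROOT's private key.
make_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -config "$work/ca.cnf" \
    -subj "/CN=leaf.example" -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$work/leaf.csr" -CA "$work/$1.pem" -CAkey "$work/$1.key" \
    -CAcreateserial -days 30 -extfile "$work/ca.cnf" -extensions v3_leaf \
    -out "$work/leaf.pem" 2>/dev/null
}

# key_id FILE LABEL: hex value of the "LABEL Key Identifier" extension (20 bytes).
key_id() {
  openssl x509 -in "$work/$1.pem" -noout -text | grep -A1 "$2 Key Identifier" |
    grep -oE '([0-9A-F]{2}:){19}[0-9A-F]{2}'
}

# trusts ANCHOR: succeeds only if the leaf verifies with ANCHOR as the trusted root.
trusts() {
  openssl verify -CAfile "$work/$1.pem" "$work/leaf.pem" >/dev/null 2>&1
}

make_root real; make_root lookalike; make_leaf real
echo "leaf AKI:      $(key_id leaf Authority)"
echo "real SKI:      $(key_id real Subject)"
echo "lookalike SKI: $(key_id lookalike Subject)"
trusts real && echo "real root as trust anchor: leaf verifies"
trusts lookalike || echo "same-name root with a different key: leaf rejected"
```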