Regarding keyID collisions...
IMA version 2 format uses the low-order 32-bits of a SHA1 hash of the
ASN.1 encoded public key and exponent.
Collisions of this keyID are possible in two ways:
a) the public key + exponent manages to have a collision on the
low-order 32-bits of the hash,
b) someone has managed to generate the same public key material
in a separate certificate.
I would guess that item a is not very likely, but is it certainly
possible in theory. We have seen OpenPGP keyids that collide but are
actually two separate public/private key pairs.
For item b, some users have been known to generate a single CSR and
submit it to multiple signing authorities (Intermediate Cross-Signed
Certificates), or re-use a public key when a certificate expires.
URLs of examples of the item b collisions:
http://security.stackexchange.com/questions/6926/multiple-cas-signing-a-single-cert-csr
https://en.wikipedia.org/wiki/X.509 (section 3 cross-certification)
http://social.technet.microsoft.com/wiki/contents/articles/1102.how-to-changeextend-the-expiration-date-of-certificates-that-are-issued-by-a-windows-server-2008-or-a-windows-server-2003-certificate-authority.aspx
Playing with a blacklist or expired certificates implies being able to
explicitly tie a given IMA keyID back to the certificate it uses. This
could be an issue in the case of a cross-signed certificate where one of
parent certifictes in the chain has been compromised and put in the
blacklist while the other cross-signed hierarchy remains intact.
-- Mark
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
