Re: A couple of questions and concerns about Emacs network security

[Perry E. Metzger]

On Mon, 25 Jun 2018 19:33:49 +0200 Lars Ingebrigtsen <address@hidden>
wrote:
> Jimmy Yuen Ho Wong <address@hidden> writes:
> 
> > It's all about collisions[1], it's mostly a precaution, as no one
> > has found an actual collistion for a cert yet, but Google has
> > found collision for PDF last year [2].  
> 
> Ah, OK, then the SHA1 intermediate check isn't that vital.

It is, actually. It's believed to be straightforward for national
actors to forge intermediate certificates at this point.

> (I think the PDF collision was a cheat, anyway, since they just
> generated a lot of binary junk in a non-parsed section of the
> PDF.  :-) )

One of the rules in this game is attacks get better with time. Not
that long after the first certificational attacks on MD5, it was
discovered that parties unknown, generally thought to be nation-state
actors, had been forging signatures on Microsoft software updates
using MD5 collisions to enable what they were doing.

I would make sure that SHA-1 defenses are in place.

Perry
-- 
Perry E. Metzger                address@hidden