Practical Ramifications of MD5 Collisions on PKI
Researchers at the Chaos Computer Club in Moscow just published results of their research into MD5 collisions for X.509 Certificate Authorities. By exploiting weaknesses in RapidSSL's certificate request implementation, they were able to create a valid intermediate CA certificate trusted by 99+% of browsers. Combined with a man in the middle (MitM) attack such as the Kaminsky DNS finding, this would truly break some of the fundamental trust models on the Internet.

Research paper here: http://www.win.tue.nl/hashclash/rogue-ca/
Demo site here: https://i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org/
There are a couple of interesting related findings from this presentation:
- There are a few challenges with PKI security: any trusted CA can issue for any domain, and revocation information (the CRL and OCSP locations a client consults) is stored in the certificate itself, so their rogue intermediate CA certificate is not easily revocable
- Your site's security depends on the security of ALL of the CAs, not just the one you have sign your certificate
- Security practitioners need to pay attention to what is happening in academia (the basic flaw was announced in 2007, but was only demonstrated and made practical today)
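The two certificate-level warning signs above (an MD5-based signature, and no revocation pointers embedded in the certificate) can both be read straight out of the DER encoding. The following is an added example, not code from the researchers or from this post: a minimal DER walker that reports a certificate's outer signature algorithm OID and the extension OIDs it carries, flagging md5WithRSAEncryption/md2WithRSAEncryption signatures and the absence of both CRLDistributionPoints and Authority Information Access. The sample certificates are constructed inline with a tiny DER encoder (placeholder names, validity and signature bits) so the example runs offline; it assumes definite-length DER and the standard Certificate/TBSCertificate layout, and does not verify signatures.

```python
"""Audit a DER X.509 certificate for MD5-family signatures and missing
revocation pointers.  Added example; sample certs below are constructed."""

# OIDs in dotted form (all standard, from PKCS#1 and RFC 5280)
OID_MD2_RSA = "1.2.840.113549.1.1.2"
OID_MD5_RSA = "1.2.840.113549.1.1.4"
OID_SHA256_RSA = "1.2.840.113549.1.1.11"
OID_CRL_DP = "2.5.29.31"          # CRLDistributionPoints extension
OID_AIA = "1.3.6.1.5.5.7.1.1"     # Authority Information Access (OCSP URL)

# ---- DER encoding helpers, used only to build the constructed samples ----
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def seq(*items):
    return tlv(0x30, b"".join(items))

def oid(dotted):
    """Encode a dotted OID into a DER OBJECT IDENTIFIER (base-128 arcs)."""
    parts = [int(p) for p in dotted.split(".")]
    out = [40 * parts[0] + parts[1]]
    for p in parts[2:]:
        chunk = [p & 0x7F]          # last byte: high bit clear
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def sample_cert(sig_oid, with_crl_dp):
    """Constructed certificate skeleton: real tagging, placeholder contents."""
    alg_id = seq(oid(sig_oid), tlv(0x05, b""))          # AlgorithmIdentifier
    tbs_parts = [
        tlv(0xA0, tlv(0x02, b"\x02")),                  # [0] version v3
        tlv(0x02, b"\x01"),                             # serialNumber (placeholder)
        alg_id,                                         # signature
        seq(), seq(), seq(), seq(),                     # issuer, validity, subject, spki (placeholders)
    ]
    if with_crl_dp:
        ext = seq(oid(OID_CRL_DP), tlv(0x04, seq()))    # extnValue content irrelevant here
        tbs_parts.append(tlv(0xA3, seq(ext)))           # [3] EXPLICIT Extensions
    sig_value = tlv(0x03, b"\x00" + b"\xAA" * 4)        # BIT STRING placeholder signature
    return seq(seq(*tbs_parts), alg_id, sig_value)

# ---- DER decoding ----
def der_read(buf, pos=0):
    """Return (tag, value, next_pos) for the definite-length TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def der_children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = der_read(body, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    """Decode DER OID content bytes (first-arc split is exact for arcs 0-2 below 80)."""
    parts = [val[0] // 40, val[0] % 40]
    cur = 0
    for b in val[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(cur)
            cur = 0
    return ".".join(map(str, parts))

def audit_certificate(der):
    """Report the outer signatureAlgorithm OID, extension OIDs, and findings."""
    _tag, body, _ = der_read(der)
    tbs, sig_alg, _sig = der_children(body)[:3]
    alg_oid = decode_oid(der_children(sig_alg[1])[0][1])
    ext_oids = []
    for tag, val in der_children(tbs[1]):
        if tag == 0xA3:                                 # [3] extensions
            for _t, ext in der_children(der_children(val)[0][1]):
                ext_oids.append(decode_oid(der_children(ext)[0][1]))  # extnID
    findings = []
    if alg_oid in (OID_MD2_RSA, OID_MD5_RSA):
        findings.append("weak-signature-hash")
    if OID_CRL_DP not in ext_oids and OID_AIA not in ext_oids:
        findings.append("no-revocation-pointer")       # nothing for a client to check
    return {"signature_algorithm": alg_oid, "extensions": ext_oids, "findings": findings}

if __name__ == "__main__":
    print("legacy:", audit_certificate(sample_cert(OID_MD5_RSA, False)))
    print("modern:", audit_certificate(sample_cert(OID_SHA256_RSA, True)))
```

Running it on the two constructed samples shows the MD5-signed certificate with no extensions raising both findings, while the SHA-256-signed one carrying a CRLDistributionPoints extension raises none. To run it against real certificates, pass the DER bytes (for example, the output of `openssl x509 -outform DER`) to `audit_certificate` and walk the whole chain, since the post's point is that the weakness can sit in any CA above the leaf.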

