[openssl-users] Why openssl 1.0.1p accepts composite $q$ in DSA?
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Sep 9 12:07:43 UTC 2015

On Wed, Sep 09, 2015 at 03:02:36PM +0300, Georgi Guninski wrote:
> On Wed, Sep 09, 2015 at 11:55:36AM +0000, Viktor Dukhovni wrote:
> >
> > The expected time for this sort of check is when CAs sign certificates,
> > not when TLS handshake participants validate the certificates of
> > their peers (issued by trusted issuers, or else why bother).
>
> Are you saying I can't sign the cert with another cert
> (the pubkey is easy to extract from the cert) with openssl?

If you control a trusted root CA, or an intermediate CA issued
(possibly indirectly) by a trusted root CA, you can sign anything
you want and it will be trusted. The fact that malfeasant CAs can
compromise security is not new.

If you don't control a trusted CA, what significance would such a
signature carry? Yes, most certificates (sometimes constrained by
KeyUsage) can be used for signing, but unless "CA=true", they can't
be used to sign other certificates that will be trusted by peers.

--
Viktor.
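
The point about "CA=true" can be checked from the command line. The script below is an added example, not part of the original message: it builds a throwaway root, a leaf with `CA:FALSE`, and a certificate signed by that leaf, then asks `openssl verify` about each. All file names, subject names and the 2048-bit RSA keys are assumptions made for the demo, and it expects the `openssl` CLI on the PATH.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI, every name and file is made up.
# Prints "leaf=OK rogue=REJECTED" when path validation enforces CA=true.
chain_demo() (
    d=$(mktemp -d) || exit 2
    trap 'rm -rf "$d"' EXIT
    cd "$d" || exit 2

    # Minimal config: one extension section per certificate role.
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = critical,CA:FALSE
EOF

    newkey() { # $1 = basename, $2 = subject CN; writes $1.key and $1.csr
        openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
            -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" >/dev/null 2>&1
    }
    sign() { # $1 = subject basename, $2 = issuer basename; writes $1.pem
        openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
            -CAcreateserial -extfile demo.cnf -extensions leaf \
            -days 1 -out "$1.pem" >/dev/null 2>&1
    }
    verdict() { # arguments are passed to `openssl verify`; root.pem is trusted
        if openssl verify -CAfile root.pem "$@" 2>&1 | grep -q ': OK$'
        then echo OK; else echo REJECTED; fi
    }

    # Trusted self-signed root with CA:TRUE.
    openssl req -x509 -config demo.cnf -extensions ca -newkey rsa:2048 \
        -nodes -keyout root.key -out root.pem -subj "/CN=Demo Root" \
        -days 1 >/dev/null 2>&1 || exit 2
    # Ordinary end-entity certificate issued by the root, CA:FALSE.
    newkey leaf "leaf.example" && sign leaf root || exit 2
    # The leaf key is then used as issuer for a further certificate.
    newkey rogue "rogue.example" && sign rogue leaf || exit 2

    echo "leaf=$(verdict leaf.pem) rogue=$(verdict -untrusted leaf.pem rogue.pem)"
)
```

The signature on `rogue.pem` is mathematically valid; it is rejected because the verifier refuses to treat a `CA:FALSE` certificate as an issuer when building the chain.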