diff options
Diffstat (limited to 'tests/rsa-md5-collision/mbox')
| -rw-r--r-- | tests/rsa-md5-collision/mbox | 600 |
1 files changed, 0 insertions, 600 deletions
diff --git a/tests/rsa-md5-collision/mbox b/tests/rsa-md5-collision/mbox deleted file mode 100644 index 6727bfd586..0000000000 --- a/tests/rsa-md5-collision/mbox +++ /dev/null @@ -1,600 +0,0 @@ -X-Hashcash: 1:22:061024:m.m.j.stevens@student.tue.nl::NIoLZwQj6TTZ4YZK:BUuA -X-Hashcash: 1:22:061024:arjen.lenstra@epfl.ch::NgTq8sJW1QBlX/rv:g9Z -From: Simon Josefsson <jas@extundo.com> -To: "Weger\, B.M.M. de" <b.m.m.d.weger@TUE.nl>, m.m.j.stevens@student.tue.nl, arjen.lenstra@epfl.ch -Subject: Re: target collisions and colliding certificates with different identities -References: <DFA3206A564B80499B87B89B49BCD3135DC17A@EXCHANGE3.campus.tue.nl> -OpenPGP: id=B565716F; url=http://josefsson.org/key.txt -X-Draft-From: ("gmane.ietf.irtf.cfrg" 784) -X-Hashcash: 1:22:061024:b.m.m.d.weger@tue.nl::aYYmnRc08nJKaUMk:6ddD -Date: Tue, 24 Oct 2006 08:28:07 +0200 -In-Reply-To: <DFA3206A564B80499B87B89B49BCD3135DC17A@EXCHANGE3.campus.tue.nl> - (B. M. M. de Weger's message of "Mon\, 23 Oct 2006 23\:58\:21 +0200") -Message-ID: <87ods2grd4.fsf@latte.josefsson.org> -User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) -MIME-Version: 1.0 -Content-Type: text/plain; charset=us-ascii -Lines: 48 -Xref: localhost.localdomain rsa-md5:1 - -Great work, thanks! - -I'd like to include your certificates in GnuTLS, a TLS implementation -that supports X.509, as self-tests of the the certificate verification -logic. Is this OK with you? - -Btw, Gnutls rejected the certificates, we already disable MD5 for -verification purposes. :) - -For our legal department, I'd like a clarification of the license on -the data, would you agree to release the certificates under the -following license? - - Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger - - Copying and distribution of this file, with or without modification, - are permitted in any medium without royalty provided the copyright - notice and this notice are preserved. - -Also, if any other authors contributed, they would have to agree to -this license as well. Are there other authors? - -Best regards, and thanks in advance, -Simon - -"Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes: - -> Hi all, -> -> We announce: -> - an example of a target collision for MD5; this means: -> for two chosen messages m1 and m2 we have constructed -> appendages b1 and b2 to make the messages collide -> under MD5, i.e. MD5(m1||b1) = MD5(m2||b2); -> said differently: we can cause an MD5 collision for -> any pair of distinct IHVs; -> - an example of a pair of valid, unsuspicious X.509 -> certificates with distinct Distinguished Name fields, -> but identical CA signatures; this example makes use -> of the target collision. -> -> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, -> where the certificates and a more detailed announcement -> can be found. -> -> Marc Stevens -> Arjen Lenstra -> Benne de Weger -Return-Path: <arjen.lenstra@epfl.ch> -Received: from yxa.extundo.com ([unix socket]) - by yxa-iv (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with LMTP; Tue, 24 Oct 2006 08:32:12 +0200 -X-Sieve: CMU Sieve 2.2 -Received: from smtp1.epfl.ch (smtp1.epfl.ch [128.178.50.22]) - by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with SMTP id k9O6VvPx016489 - for <jas@extundo.com>; Tue, 24 Oct 2006 08:31:57 +0200 -Received: (qmail 16665 invoked by uid 107); 24 Oct 2006 06:31:51 -0000 -Received: from mailav1.epfl.ch (128.178.50.190) - by smtp1.epfl.ch with SMTP; 24 Oct 2006 06:31:51 -0000 -Received: from (smtp2.epfl.ch [128.178.50.133]) by MAILAV1.epfl.ch with smtp - id 3c76_55596730_6329_11db_9dfc_001143d18479; - Tue, 24 Oct 2006 08:31:51 +0200 -Received: from rex1.epfl.ch (128.178.50.178) - by smtp2.epfl.ch (AngelmatoPhylax SMTP proxy); Tue, 24 Oct 2006 08:31:51 +0200 -X-MimeOLE: Produced By Microsoft Exchange V6.5 -Content-class: urn:content-classes:message -MIME-Version: 1.0 -Content-Type: text/plain; - charset="iso-8859-1" -Content-Transfer-Encoding: quoted-printable -Subject: RE: target collisions and colliding certificates with different identities -Date: Tue, 24 Oct 2006 08:31:42 +0200 -Message-ID: <D449110BB7036C4297225E473599E77067DD0A@rex1.intranet.epfl.ch> -In-Reply-To: <87ods2grd4.fsf@latte.josefsson.org> -X-MS-Has-Attach: -X-MS-TNEF-Correlator: -Thread-Topic: target collisions and colliding certificates with different identities -Thread-Index: Acb3NZO8kzaCp7NPSV29z2Ydtt/p5gAAEyEg -From: "Arjen Lenstra" <arjen.lenstra@epfl.ch> -To: "Simon Josefsson" <jas@extundo.com>, - "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>, - <m.m.j.stevens@student.tue.nl> -X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham - version=3.1.1 -X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv -X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com -X-Virus-Status: Clean -Lines: 75 -Xref: localhost.localdomain rsa-md5:2 - -Hi, -Thanks! -I can't speak for my coauthors, but it's all fine with me, though I find = -the year in your proposed copyright statement a bit odd (I would have = -expected 2006). There are no more authros involved. - -best regards, Arjen Lenstra - ----------------- -Arjen K. Lenstra a k l @ e p f l . c h -EPFL IC LACAL -INJ 330 (B=E2timent INJ) -Station 14 -CH-1015 Lausanne, Switzerland -T=E9l: + 41 21 693 8101 -Fax: + 41 21 693 7550 -=20 -=20 - ------Original Message----- -From: Simon Josefsson [mailto:jas@extundo.com]=20 -Sent: Tuesday, October 24, 2006 8:28 AM -To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra -Subject: Re: target collisions and colliding certificates with different = -identities - -Great work, thanks! - -I'd like to include your certificates in GnuTLS, a TLS implementation -that supports X.509, as self-tests of the the certificate verification -logic. Is this OK with you? - -Btw, Gnutls rejected the certificates, we already disable MD5 for -verification purposes. :) - -For our legal department, I'd like a clarification of the license on -the data, would you agree to release the certificates under the -following license? - - Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger - - Copying and distribution of this file, with or without = -modification, - are permitted in any medium without royalty provided the copyright - notice and this notice are preserved. - -Also, if any other authors contributed, they would have to agree to -this license as well. Are there other authors? - -Best regards, and thanks in advance, -Simon - -"Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes: - -> Hi all, -> -> We announce: -> - an example of a target collision for MD5; this means:=20 -> for two chosen messages m1 and m2 we have constructed=20 -> appendages b1 and b2 to make the messages collide=20 -> under MD5, i.e. MD5(m1||b1) =3D MD5(m2||b2); -> said differently: we can cause an MD5 collision for=20 -> any pair of distinct IHVs; -> - an example of a pair of valid, unsuspicious X.509=20 -> certificates with distinct Distinguished Name fields,=20 -> but identical CA signatures; this example makes use=20 -> of the target collision. -> -> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, -> where the certificates and a more detailed announcement=20 -> can be found. -> -> Marc Stevens -> Arjen Lenstra -> Benne de Weger -From: Simon Josefsson <jas@extundo.com> -To: "Arjen Lenstra" <arjen.lenstra@epfl.ch> -Cc: "Weger\, B.M.M. de" <b.m.m.d.weger@TUE.nl>, <m.m.j.stevens@student.tue.nl> -Subject: Re: target collisions and colliding certificates with different identities -References: <D449110BB7036C4297225E473599E77067DD0A@rex1.intranet.epfl.ch> -OpenPGP: id=B565716F; url=http://josefsson.org/key.txt -X-Draft-From: ("nnimap+yxa:INBOX.private.2006.10" 623) -X-Hashcash: 1:22:061024:b.m.m.d.weger@tue.nl::pMR7JuXUTTt/Zjut:0aGD -X-Hashcash: 1:22:061024:arjen.lenstra@epfl.ch::juw1iXMSKV62mZGj:CBbu -X-Hashcash: 1:22:061024:m.m.j.stevens@student.tue.nl::SJdQwxRXP39Dw2C4:n6ia -Date: Tue, 24 Oct 2006 08:43:59 +0200 -In-Reply-To: <D449110BB7036C4297225E473599E77067DD0A@rex1.intranet.epfl.ch> - (Arjen Lenstra's message of "Tue\, 24 Oct 2006 08\:31\:42 +0200") -Message-ID: <87d58igqmo.fsf@latte.josefsson.org> -User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) -MIME-Version: 1.0 -Content-Type: text/plain; charset=iso-8859-1 -Content-Transfer-Encoding: 8bit -Lines: 80 -Xref: localhost.localdomain rsa-md5:3 - -"Arjen Lenstra" <arjen.lenstra@epfl.ch> writes: - -> Hi, -> Thanks! -> I can't speak for my coauthors, but it's all fine with me, though I -> find the year in your proposed copyright statement a bit odd (I -> would have expected 2006). There are no more authros involved. - -Thanks. Duh, I meant 2006, of course. I'd appreciate if Marc and -Benne also replied. - -/Simon - -> best regards, Arjen Lenstra -> -> ---------------- -> Arjen K. Lenstra a k l @ e p f l . c h -> EPFL IC LACAL -> INJ 330 (Bâtiment INJ) -> Station 14 -> CH-1015 Lausanne, Switzerland -> Tél: + 41 21 693 8101 -> Fax: + 41 21 693 7550 -> -> -> -> -----Original Message----- -> From: Simon Josefsson [mailto:jas@extundo.com] -> Sent: Tuesday, October 24, 2006 8:28 AM -> To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra -> Subject: Re: target collisions and colliding certificates with different identities -> -> Great work, thanks! -> -> I'd like to include your certificates in GnuTLS, a TLS implementation -> that supports X.509, as self-tests of the the certificate verification -> logic. Is this OK with you? -> -> Btw, Gnutls rejected the certificates, we already disable MD5 for -> verification purposes. :) -> -> For our legal department, I'd like a clarification of the license on -> the data, would you agree to release the certificates under the -> following license? -> -> Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger -> -> Copying and distribution of this file, with or without modification, -> are permitted in any medium without royalty provided the copyright -> notice and this notice are preserved. -> -> Also, if any other authors contributed, they would have to agree to -> this license as well. Are there other authors? -> -> Best regards, and thanks in advance, -> Simon -> -> "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes: -> ->> Hi all, ->> ->> We announce: ->> - an example of a target collision for MD5; this means: ->> for two chosen messages m1 and m2 we have constructed ->> appendages b1 and b2 to make the messages collide ->> under MD5, i.e. MD5(m1||b1) = MD5(m2||b2); ->> said differently: we can cause an MD5 collision for ->> any pair of distinct IHVs; ->> - an example of a pair of valid, unsuspicious X.509 ->> certificates with distinct Distinguished Name fields, ->> but identical CA signatures; this example makes use ->> of the target collision. ->> ->> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, ->> where the certificates and a more detailed announcement ->> can be found. ->> ->> Marc Stevens ->> Arjen Lenstra ->> Benne de Weger -Return-Path: <m.m.j.stevens@student.tue.nl> -Received: from yxa.extundo.com ([unix socket]) - by yxa-iv (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with LMTP; Tue, 24 Oct 2006 09:23:28 +0200 -X-Sieve: CMU Sieve 2.2 -Received: from ipact2.infopact.nl (ipact2.infopact.nl [212.29.160.71]) - by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id k9O7NIbh023920 - (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) - for <jas@extundo.com>; Tue, 24 Oct 2006 09:23:22 +0200 -Received: from ipact2.infopact.nl (localhost.localdomain [127.0.0.1]) - by ipact2.infopact.nl (8.13.7/8.13.7) with ESMTP id k9O7NAZd008636 - for <jas@extundo.com>; Tue, 24 Oct 2006 09:23:11 +0200 -Received: (from defang@localhost) - by ipact2.infopact.nl (8.13.7/8.13.7/Submit) id k9O7J939006762 - for <jas@extundo.com>; Tue, 24 Oct 2006 09:19:09 +0200 -Received: from smtp.banaan.org (72-130-ftth.onsnet.nu [88.159.130.72]) - by ipact2.infopact.nl (envelope-sender <m.m.j.stevens@student.tue.nl>) (MIMEDefang) with ESMTP id k9O7J72W006742; Tue, 24 Oct 2006 09:19:09 +0200 (CEST) -Received: by smtp.banaan.org (Postfix, from userid 1018) - id DE1B689D80; Tue, 24 Oct 2006 09:19:06 +0200 (CEST) -X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv -X-Spam-Level: -X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO - autolearn=ham version=3.1.1 -Received: from s478591 (cp688553-a.tilbu1.nb.home.nl [84.24.55.50]) - by smtp.banaan.org (Postfix) with ESMTP id 5EE4889EF9; - Tue, 24 Oct 2006 09:18:57 +0200 (CEST) -Message-ID: <03cf01c6f73c$a8923390$8702a8c0@s478591> -From: "Marc Stevens" <m.m.j.stevens@student.tue.nl> -To: "Simon Josefsson" <jas@extundo.com>, - "Arjen Lenstra" <arjen.lenstra@epfl.ch> -Cc: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> -References: <D449110BB7036C4297225E473599E77067DD0A@rex1.intranet.epfl.ch> <87d58igqmo.fsf@latte.josefsson.org> -Subject: Re: target collisions and colliding certificates with different identities -Date: Tue, 24 Oct 2006 09:18:50 +0200 -MIME-Version: 1.0 -Content-Type: text/plain; - format=flowed; - charset="iso-8859-1"; - reply-type=original -Content-Transfer-Encoding: 8bit -X-Priority: 3 -X-MSMail-Priority: Normal -X-Mailer: Microsoft Outlook Express 6.00.2900.2869 -X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 -X-Scanned-By: MIMEDefang - SpamAssassin on 212.29.160.71 -X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com -X-Virus-Status: Clean -Lines: 101 -Xref: localhost.localdomain rsa-md5:4 - -Hi Simon, - -Thanks! -I am also okay with the proposed license. - -Kind regards, - Marc - ------ Original Message ----- -From: "Simon Josefsson" <jas@extundo.com> -To: "Arjen Lenstra" <arjen.lenstra@epfl.ch> -Cc: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>; -<m.m.j.stevens@student.tue.nl> -Sent: Tuesday, October 24, 2006 8:43 AM -Subject: Re: target collisions and colliding certificates with different -identities - - -> "Arjen Lenstra" <arjen.lenstra@epfl.ch> writes: -> ->> Hi, ->> Thanks! ->> I can't speak for my coauthors, but it's all fine with me, though I ->> find the year in your proposed copyright statement a bit odd (I ->> would have expected 2006). There are no more authros involved. -> -> Thanks. Duh, I meant 2006, of course. I'd appreciate if Marc and -> Benne also replied. -> -> /Simon -> ->> best regards, Arjen Lenstra ->> ->> ---------------- ->> Arjen K. Lenstra a k l @ e p f l . c h ->> EPFL IC LACAL ->> INJ 330 (Bâtiment INJ) ->> Station 14 ->> CH-1015 Lausanne, Switzerland ->> Tél: + 41 21 693 8101 ->> Fax: + 41 21 693 7550 ->> ->> ->> ->> -----Original Message----- ->> From: Simon Josefsson [mailto:jas@extundo.com] ->> Sent: Tuesday, October 24, 2006 8:28 AM ->> To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra ->> Subject: Re: target collisions and colliding certificates with different ->> identities ->> ->> Great work, thanks! ->> ->> I'd like to include your certificates in GnuTLS, a TLS implementation ->> that supports X.509, as self-tests of the the certificate verification ->> logic. Is this OK with you? ->> ->> Btw, Gnutls rejected the certificates, we already disable MD5 for ->> verification purposes. :) ->> ->> For our legal department, I'd like a clarification of the license on ->> the data, would you agree to release the certificates under the ->> following license? ->> ->> Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger ->> ->> Copying and distribution of this file, with or without modification, ->> are permitted in any medium without royalty provided the copyright ->> notice and this notice are preserved. ->> ->> Also, if any other authors contributed, they would have to agree to ->> this license as well. Are there other authors? ->> ->> Best regards, and thanks in advance, ->> Simon ->> ->> "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes: ->> ->>> Hi all, ->>> ->>> We announce: ->>> - an example of a target collision for MD5; this means: ->>> for two chosen messages m1 and m2 we have constructed ->>> appendages b1 and b2 to make the messages collide ->>> under MD5, i.e. MD5(m1||b1) = MD5(m2||b2); ->>> said differently: we can cause an MD5 collision for ->>> any pair of distinct IHVs; ->>> - an example of a pair of valid, unsuspicious X.509 ->>> certificates with distinct Distinguished Name fields, ->>> but identical CA signatures; this example makes use ->>> of the target collision. ->>> ->>> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, ->>> where the certificates and a more detailed announcement ->>> can be found. ->>> ->>> Marc Stevens ->>> Arjen Lenstra ->>> Benne de Weger -> - -Return-Path: <b.m.m.d.weger@TUE.nl> -Received: from yxa.extundo.com ([unix socket]) - by yxa-iv (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with LMTP; Tue, 24 Oct 2006 10:55:48 +0200 -X-Sieve: CMU Sieve 2.2 -Received: from mailhost.tue.nl (mailhost.tue.nl [131.155.2.19]) - by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id k9O8te8O005696 - for <jas@extundo.com>; Tue, 24 Oct 2006 10:55:40 +0200 -Received: from localhost (localhost [127.0.0.1]) - by mailhost.tue.nl (Postfix) with ESMTP id B6C745C297; - Tue, 24 Oct 2006 10:55:39 +0200 (CEST) -X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com -X-Virus-Scanned: amavisd-new at tue.nl -Received: from mailhost.tue.nl ([131.155.2.19]) - by localhost (pastinakel.tue.nl [127.0.0.1]) (amavisd-new, port 10024) - with ESMTP id 84pZYnFvD8HO; Tue, 24 Oct 2006 10:55:39 +0200 (CEST) -Received: from EXCHANGE3.campus.tue.nl (xserver3.campus.tue.nl [131.155.6.6]) - by mailhost.tue.nl (Postfix) with ESMTP id 1CFE55C293; - Tue, 24 Oct 2006 10:55:39 +0200 (CEST) -X-MimeOLE: Produced By Microsoft Exchange V6.5 -Content-class: urn:content-classes:message -MIME-Version: 1.0 -Content-Type: text/plain; - charset="iso-8859-1" -Content-Transfer-Encoding: quoted-printable -Subject: RE: target collisions and colliding certificates with different identities -Date: Tue, 24 Oct 2006 10:55:38 +0200 -Message-ID: <DFA3206A564B80499B87B89B49BCD3135DC263@EXCHANGE3.campus.tue.nl> -In-Reply-To: <87d58igqmo.fsf@latte.josefsson.org> -X-MS-Has-Attach: -X-MS-TNEF-Correlator: -Thread-Topic: target collisions and colliding certificates with different identities -Thread-Index: Acb3N816trM39dt6Tmef1RZSgSRhMQAEdpog -From: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> -To: "Simon Josefsson" <jas@extundo.com> -Cc: "Stevens, M.M.J." <M.M.J.Stevens@student.tue.nl>, - "Arjen Lenstra" <arjen.lenstra@epfl.ch> -X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham - version=3.1.1 -X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv -X-Virus-Status: Clean -Lines: 123 -Xref: localhost.localdomain rsa-md5:5 - -Hi Simon, - -When your software rejects any MD5 certificate I don't see why -you would use our colliding ones, doesn't it mean that you'll=20 -have more explaining to do? -But when you want it this way, it's fine with me too. - -Grtz, -Benne - -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -Technische Universiteit Eindhoven -Coding & Crypto Groep -Faculteit Wiskunde en Informatica -Den Dolech 2 -Postbus 513 -5600 MB Eindhoven -kamer: HG 9.84 -tel.: (040) 247 2704, bgg 5141 -e-mail: b.m.m.d.weger@tue.nl -www: http://www.win.tue.nl/~bdeweger -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D - - - =20 - -> -----Original Message----- -> From: Simon Josefsson [mailto:jas@extundo.com]=20 -> Sent: dinsdag 24 oktober 2006 8:44 -> To: Arjen Lenstra -> Cc: Weger, B.M.M. de; Stevens, M.M.J. -> Subject: Re: target collisions and colliding certificates=20 -> with different identities ->=20 -> "Arjen Lenstra" <arjen.lenstra@epfl.ch> writes: ->=20 -> > Hi, -> > Thanks! -> > I can't speak for my coauthors, but it's all fine with me, though I -> > find the year in your proposed copyright statement a bit odd (I -> > would have expected 2006). There are no more authros involved. ->=20 -> Thanks. Duh, I meant 2006, of course. I'd appreciate if Marc and -> Benne also replied. ->=20 -> /Simon ->=20 -> > best regards, Arjen Lenstra -> > -> > ---------------- -> > Arjen K. Lenstra a k l @ e p f l . c h -> > EPFL IC LACAL -> > INJ 330 (B=E2timent INJ) -> > Station 14 -> > CH-1015 Lausanne, Switzerland -> > T=E9l: + 41 21 693 8101 -> > Fax: + 41 21 693 7550 -> > =20 -> > =20 -> > -> > -----Original Message----- -> > From: Simon Josefsson [mailto:jas@extundo.com]=20 -> > Sent: Tuesday, October 24, 2006 8:28 AM -> > To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra -> > Subject: Re: target collisions and colliding certificates=20 -> with different identities -> > -> > Great work, thanks! -> > -> > I'd like to include your certificates in GnuTLS, a TLS=20 -> implementation -> > that supports X.509, as self-tests of the the certificate=20 -> verification -> > logic. Is this OK with you? -> > -> > Btw, Gnutls rejected the certificates, we already disable MD5 for -> > verification purposes. :) -> > -> > For our legal department, I'd like a clarification of the license on -> > the data, would you agree to release the certificates under the -> > following license? -> > -> > Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra,=20 -> Benne de Weger -> > -> > Copying and distribution of this file, with or without=20 -> modification, -> > are permitted in any medium without royalty provided=20 -> the copyright -> > notice and this notice are preserved. -> > -> > Also, if any other authors contributed, they would have to agree to -> > this license as well. Are there other authors? -> > -> > Best regards, and thanks in advance, -> > Simon -> > -> > "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes: -> > -> >> Hi all, -> >> -> >> We announce: -> >> - an example of a target collision for MD5; this means:=20 -> >> for two chosen messages m1 and m2 we have constructed=20 -> >> appendages b1 and b2 to make the messages collide=20 -> >> under MD5, i.e. MD5(m1||b1) =3D MD5(m2||b2); -> >> said differently: we can cause an MD5 collision for=20 -> >> any pair of distinct IHVs; -> >> - an example of a pair of valid, unsuspicious X.509=20 -> >> certificates with distinct Distinguished Name fields,=20 -> >> but identical CA signatures; this example makes use=20 -> >> of the target collision. -> >> -> >> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, -> >> where the certificates and a more detailed announcement=20 -> >> can be found. -> >> -> >> Marc Stevens -> >> Arjen Lenstra -> >> Benne de Weger ->=20 |