path: root/tests/rsa-md5-collision/mbox

X-Hashcash: 1:22:061024:m.m.j.stevens@student.tue.nl::NIoLZwQj6TTZ4YZK:BUuA
X-Hashcash: 1:22:061024:arjen.lenstra@epfl.ch::NgTq8sJW1QBlX/rv:g9Z
From: Simon Josefsson <jas@extundo.com>
To: "Weger\, B.M.M. de" <b.m.m.d.weger@TUE.nl>, m.m.j.stevens@student.tue.nl, arjen.lenstra@epfl.ch
Subject: Re: target collisions and colliding certificates with different identities
References: <DFA3206A564B80499B87B89B49BCD3135DC17A@EXCHANGE3.campus.tue.nl>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Draft-From: ("gmane.ietf.irtf.cfrg" 784)
X-Hashcash: 1:22:061024:b.m.m.d.weger@tue.nl::aYYmnRc08nJKaUMk:6ddD
Date: Tue, 24 Oct 2006 08:28:07 +0200
In-Reply-To: <DFA3206A564B80499B87B89B49BCD3135DC17A@EXCHANGE3.campus.tue.nl>
	(B. M. M. de Weger's message of "Mon\, 23 Oct 2006 23\:58\:21 +0200")
Message-ID: <87ods2grd4.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Lines: 48
Xref: localhost.localdomain rsa-md5:1

Great work, thanks!

I'd like to include your certificates in GnuTLS, a TLS implementation
that supports X.509, as self-tests of the the certificate verification
logic.  Is this OK with you?

Btw, Gnutls rejected the certificates, we already disable MD5 for
verification purposes. :)

For our legal department, I'd like a clarification of the license on
the data, would you agree to release the certificates under the
following license?

     Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger

     Copying and distribution of this file, with or without modification,
     are permitted in any medium without royalty provided the copyright
     notice and this notice are preserved.

Also, if any other authors contributed, they would have to agree to
this license as well.  Are there other authors?

Best regards, and thanks in advance,
Simon

"Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes:

> Hi all,
>
> We announce:
> - an example of a target collision for MD5; this means: 
>   for two chosen messages m1 and m2 we have constructed 
>   appendages b1 and b2 to make the messages collide 
>   under MD5, i.e. MD5(m1||b1) = MD5(m2||b2);
>   said differently: we can cause an MD5 collision for 
>   any pair of distinct IHVs;
> - an example of a pair of valid, unsuspicious X.509 
>   certificates with distinct Distinguished Name fields, 
>   but identical CA signatures; this example makes use 
>   of the target collision.
>
> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/,
> where the certificates and a more detailed announcement 
> can be found.
>
> Marc Stevens
> Arjen Lenstra
> Benne de Weger
Return-Path: <arjen.lenstra@epfl.ch>
Received: from yxa.extundo.com ([unix socket])
	by yxa-iv (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with LMTP; Tue, 24 Oct 2006 08:32:12 +0200
X-Sieve: CMU Sieve 2.2
Received: from smtp1.epfl.ch (smtp1.epfl.ch [128.178.50.22])
	by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with SMTP id k9O6VvPx016489
	for <jas@extundo.com>; Tue, 24 Oct 2006 08:31:57 +0200
Received: (qmail 16665 invoked by uid 107); 24 Oct 2006 06:31:51 -0000
Received: from mailav1.epfl.ch (128.178.50.190)
  by smtp1.epfl.ch with SMTP; 24 Oct 2006 06:31:51 -0000
Received: from (smtp2.epfl.ch [128.178.50.133]) by MAILAV1.epfl.ch with smtp
	 id 3c76_55596730_6329_11db_9dfc_001143d18479;
	Tue, 24 Oct 2006 08:31:51 +0200
Received: from rex1.epfl.ch (128.178.50.178)
  by smtp2.epfl.ch (AngelmatoPhylax SMTP proxy); Tue, 24 Oct 2006 08:31:51 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: target collisions and colliding certificates with different identities
Date: Tue, 24 Oct 2006 08:31:42 +0200
Message-ID: <D449110BB7036C4297225E473599E77067DD0A@rex1.intranet.epfl.ch>
In-Reply-To: <87ods2grd4.fsf@latte.josefsson.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: target collisions and colliding certificates with different identities
Thread-Index: Acb3NZO8kzaCp7NPSV29z2Ydtt/p5gAAEyEg
From: "Arjen Lenstra" <arjen.lenstra@epfl.ch>
To: "Simon Josefsson" <jas@extundo.com>,
        "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>,
        <m.m.j.stevens@student.tue.nl>
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham 
	version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
Lines: 75
Xref: localhost.localdomain rsa-md5:2

Hi,
Thanks!
I can't speak for my coauthors, but it's all fine with me, though I find =
the year in your proposed copyright statement a bit odd (I would have =
expected 2006). There are no more authros involved.

best regards, Arjen Lenstra

----------------
Arjen K. Lenstra   a k l @ e p f l . c h
EPFL IC LACAL
INJ 330 (B=E2timent INJ)
Station 14
CH-1015 Lausanne, Switzerland
T=E9l: + 41 21 693 8101
Fax: + 41 21 693 7550
=20
=20

-----Original Message-----
From: Simon Josefsson [mailto:jas@extundo.com]=20
Sent: Tuesday, October 24, 2006 8:28 AM
To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra
Subject: Re: target collisions and colliding certificates with different =
identities

Great work, thanks!

I'd like to include your certificates in GnuTLS, a TLS implementation
that supports X.509, as self-tests of the the certificate verification
logic.  Is this OK with you?

Btw, Gnutls rejected the certificates, we already disable MD5 for
verification purposes. :)

For our legal department, I'd like a clarification of the license on
the data, would you agree to release the certificates under the
following license?

     Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger

     Copying and distribution of this file, with or without =
modification,
     are permitted in any medium without royalty provided the copyright
     notice and this notice are preserved.

Also, if any other authors contributed, they would have to agree to
this license as well.  Are there other authors?

Best regards, and thanks in advance,
Simon

"Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes:

> Hi all,
>
> We announce:
> - an example of a target collision for MD5; this means:=20
>   for two chosen messages m1 and m2 we have constructed=20
>   appendages b1 and b2 to make the messages collide=20
>   under MD5, i.e. MD5(m1||b1) =3D MD5(m2||b2);
>   said differently: we can cause an MD5 collision for=20
>   any pair of distinct IHVs;
> - an example of a pair of valid, unsuspicious X.509=20
>   certificates with distinct Distinguished Name fields,=20
>   but identical CA signatures; this example makes use=20
>   of the target collision.
>
> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/,
> where the certificates and a more detailed announcement=20
> can be found.
>
> Marc Stevens
> Arjen Lenstra
> Benne de Weger
From: Simon Josefsson <jas@extundo.com>
To: "Arjen Lenstra" <arjen.lenstra@epfl.ch>
Cc: "Weger\, B.M.M. de" <b.m.m.d.weger@TUE.nl>,  <m.m.j.stevens@student.tue.nl>
Subject: Re: target collisions and colliding certificates with different identities
References: <D449110BB7036C4297225E473599E77067DD0A@rex1.intranet.epfl.ch>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Draft-From: ("nnimap+yxa:INBOX.private.2006.10" 623)
X-Hashcash: 1:22:061024:b.m.m.d.weger@tue.nl::pMR7JuXUTTt/Zjut:0aGD
X-Hashcash: 1:22:061024:arjen.lenstra@epfl.ch::juw1iXMSKV62mZGj:CBbu
X-Hashcash: 1:22:061024:m.m.j.stevens@student.tue.nl::SJdQwxRXP39Dw2C4:n6ia
Date: Tue, 24 Oct 2006 08:43:59 +0200
In-Reply-To: <D449110BB7036C4297225E473599E77067DD0A@rex1.intranet.epfl.ch>
	(Arjen Lenstra's message of "Tue\, 24 Oct 2006 08\:31\:42 +0200")
Message-ID: <87d58igqmo.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Lines: 80
Xref: localhost.localdomain rsa-md5:3

"Arjen Lenstra" <arjen.lenstra@epfl.ch> writes:

> Hi,
> Thanks!
> I can't speak for my coauthors, but it's all fine with me, though I
> find the year in your proposed copyright statement a bit odd (I
> would have expected 2006). There are no more authros involved.

Thanks.  Duh, I meant 2006, of course.  I'd appreciate if Marc and
Benne also replied.

/Simon

> best regards, Arjen Lenstra
>
> ----------------
> Arjen K. Lenstra   a k l @ e p f l . c h
> EPFL IC LACAL
> INJ 330 (Bâtiment INJ)
> Station 14
> CH-1015 Lausanne, Switzerland
> Tél: + 41 21 693 8101
> Fax: + 41 21 693 7550
>  
>  
>
> -----Original Message-----
> From: Simon Josefsson [mailto:jas@extundo.com] 
> Sent: Tuesday, October 24, 2006 8:28 AM
> To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra
> Subject: Re: target collisions and colliding certificates with different identities
>
> Great work, thanks!
>
> I'd like to include your certificates in GnuTLS, a TLS implementation
> that supports X.509, as self-tests of the the certificate verification
> logic.  Is this OK with you?
>
> Btw, Gnutls rejected the certificates, we already disable MD5 for
> verification purposes. :)
>
> For our legal department, I'd like a clarification of the license on
> the data, would you agree to release the certificates under the
> following license?
>
>      Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger
>
>      Copying and distribution of this file, with or without modification,
>      are permitted in any medium without royalty provided the copyright
>      notice and this notice are preserved.
>
> Also, if any other authors contributed, they would have to agree to
> this license as well.  Are there other authors?
>
> Best regards, and thanks in advance,
> Simon
>
> "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes:
>
>> Hi all,
>>
>> We announce:
>> - an example of a target collision for MD5; this means: 
>>   for two chosen messages m1 and m2 we have constructed 
>>   appendages b1 and b2 to make the messages collide 
>>   under MD5, i.e. MD5(m1||b1) = MD5(m2||b2);
>>   said differently: we can cause an MD5 collision for 
>>   any pair of distinct IHVs;
>> - an example of a pair of valid, unsuspicious X.509 
>>   certificates with distinct Distinguished Name fields, 
>>   but identical CA signatures; this example makes use 
>>   of the target collision.
>>
>> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/,
>> where the certificates and a more detailed announcement 
>> can be found.
>>
>> Marc Stevens
>> Arjen Lenstra
>> Benne de Weger
Return-Path: <m.m.j.stevens@student.tue.nl>
Received: from yxa.extundo.com ([unix socket])
	by yxa-iv (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with LMTP; Tue, 24 Oct 2006 09:23:28 +0200
X-Sieve: CMU Sieve 2.2
Received: from ipact2.infopact.nl (ipact2.infopact.nl [212.29.160.71])
	by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id k9O7NIbh023920
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <jas@extundo.com>; Tue, 24 Oct 2006 09:23:22 +0200
Received: from ipact2.infopact.nl (localhost.localdomain [127.0.0.1])
	by ipact2.infopact.nl (8.13.7/8.13.7) with ESMTP id k9O7NAZd008636
	for <jas@extundo.com>; Tue, 24 Oct 2006 09:23:11 +0200
Received: (from defang@localhost)
	by ipact2.infopact.nl (8.13.7/8.13.7/Submit) id k9O7J939006762
	for <jas@extundo.com>; Tue, 24 Oct 2006 09:19:09 +0200
Received: from smtp.banaan.org (72-130-ftth.onsnet.nu [88.159.130.72])
	by ipact2.infopact.nl (envelope-sender <m.m.j.stevens@student.tue.nl>) (MIMEDefang) with ESMTP id k9O7J72W006742; Tue, 24 Oct 2006 09:19:09 +0200 (CEST)
Received: by smtp.banaan.org (Postfix, from userid 1018)
	id DE1B689D80; Tue, 24 Oct 2006 09:19:06 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv
X-Spam-Level: 
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO 
	autolearn=ham version=3.1.1
Received: from s478591 (cp688553-a.tilbu1.nb.home.nl [84.24.55.50])
	by smtp.banaan.org (Postfix) with ESMTP id 5EE4889EF9;
	Tue, 24 Oct 2006 09:18:57 +0200 (CEST)
Message-ID: <03cf01c6f73c$a8923390$8702a8c0@s478591>
From: "Marc Stevens" <m.m.j.stevens@student.tue.nl>
To: "Simon Josefsson" <jas@extundo.com>,
        "Arjen Lenstra" <arjen.lenstra@epfl.ch>
Cc: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>
References: <D449110BB7036C4297225E473599E77067DD0A@rex1.intranet.epfl.ch> <87d58igqmo.fsf@latte.josefsson.org>
Subject: Re: target collisions and colliding certificates with different identities
Date: Tue, 24 Oct 2006 09:18:50 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Scanned-By: MIMEDefang - SpamAssassin on 212.29.160.71
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
Lines: 101
Xref: localhost.localdomain rsa-md5:4

Hi Simon,

Thanks!
I am also okay with the proposed license.

Kind regards,
    Marc

----- Original Message ----- 
From: "Simon Josefsson" <jas@extundo.com>
To: "Arjen Lenstra" <arjen.lenstra@epfl.ch>
Cc: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>; 
<m.m.j.stevens@student.tue.nl>
Sent: Tuesday, October 24, 2006 8:43 AM
Subject: Re: target collisions and colliding certificates with different 
identities


> "Arjen Lenstra" <arjen.lenstra@epfl.ch> writes:
>
>> Hi,
>> Thanks!
>> I can't speak for my coauthors, but it's all fine with me, though I
>> find the year in your proposed copyright statement a bit odd (I
>> would have expected 2006). There are no more authros involved.
>
> Thanks.  Duh, I meant 2006, of course.  I'd appreciate if Marc and
> Benne also replied.
>
> /Simon
>
>> best regards, Arjen Lenstra
>>
>> ----------------
>> Arjen K. Lenstra   a k l @ e p f l . c h
>> EPFL IC LACAL
>> INJ 330 (Bâtiment INJ)
>> Station 14
>> CH-1015 Lausanne, Switzerland
>> Tél: + 41 21 693 8101
>> Fax: + 41 21 693 7550
>>
>>
>>
>> -----Original Message-----
>> From: Simon Josefsson [mailto:jas@extundo.com]
>> Sent: Tuesday, October 24, 2006 8:28 AM
>> To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra
>> Subject: Re: target collisions and colliding certificates with different 
>> identities
>>
>> Great work, thanks!
>>
>> I'd like to include your certificates in GnuTLS, a TLS implementation
>> that supports X.509, as self-tests of the the certificate verification
>> logic.  Is this OK with you?
>>
>> Btw, Gnutls rejected the certificates, we already disable MD5 for
>> verification purposes. :)
>>
>> For our legal department, I'd like a clarification of the license on
>> the data, would you agree to release the certificates under the
>> following license?
>>
>>      Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger
>>
>>      Copying and distribution of this file, with or without modification,
>>      are permitted in any medium without royalty provided the copyright
>>      notice and this notice are preserved.
>>
>> Also, if any other authors contributed, they would have to agree to
>> this license as well.  Are there other authors?
>>
>> Best regards, and thanks in advance,
>> Simon
>>
>> "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes:
>>
>>> Hi all,
>>>
>>> We announce:
>>> - an example of a target collision for MD5; this means:
>>>   for two chosen messages m1 and m2 we have constructed
>>>   appendages b1 and b2 to make the messages collide
>>>   under MD5, i.e. MD5(m1||b1) = MD5(m2||b2);
>>>   said differently: we can cause an MD5 collision for
>>>   any pair of distinct IHVs;
>>> - an example of a pair of valid, unsuspicious X.509
>>>   certificates with distinct Distinguished Name fields,
>>>   but identical CA signatures; this example makes use
>>>   of the target collision.
>>>
>>> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/,
>>> where the certificates and a more detailed announcement
>>> can be found.
>>>
>>> Marc Stevens
>>> Arjen Lenstra
>>> Benne de Weger
> 

Return-Path: <b.m.m.d.weger@TUE.nl>
Received: from yxa.extundo.com ([unix socket])
	by yxa-iv (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with LMTP; Tue, 24 Oct 2006 10:55:48 +0200
X-Sieve: CMU Sieve 2.2
Received: from mailhost.tue.nl (mailhost.tue.nl [131.155.2.19])
	by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id k9O8te8O005696
	for <jas@extundo.com>; Tue, 24 Oct 2006 10:55:40 +0200
Received: from localhost (localhost [127.0.0.1])
	by mailhost.tue.nl (Postfix) with ESMTP id B6C745C297;
	Tue, 24 Oct 2006 10:55:39 +0200 (CEST)
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Scanned: amavisd-new at tue.nl
Received: from mailhost.tue.nl ([131.155.2.19])
	by localhost (pastinakel.tue.nl [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 84pZYnFvD8HO; Tue, 24 Oct 2006 10:55:39 +0200 (CEST)
Received: from EXCHANGE3.campus.tue.nl (xserver3.campus.tue.nl [131.155.6.6])
	by mailhost.tue.nl (Postfix) with ESMTP id 1CFE55C293;
	Tue, 24 Oct 2006 10:55:39 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: target collisions and colliding certificates with different identities
Date: Tue, 24 Oct 2006 10:55:38 +0200
Message-ID: <DFA3206A564B80499B87B89B49BCD3135DC263@EXCHANGE3.campus.tue.nl>
In-Reply-To: <87d58igqmo.fsf@latte.josefsson.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: target collisions and colliding certificates with different identities
Thread-Index: Acb3N816trM39dt6Tmef1RZSgSRhMQAEdpog
From: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>
To: "Simon Josefsson" <jas@extundo.com>
Cc: "Stevens, M.M.J." <M.M.J.Stevens@student.tue.nl>,
        "Arjen Lenstra" <arjen.lenstra@epfl.ch>
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham 
	version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv
X-Virus-Status: Clean
Lines: 123
Xref: localhost.localdomain rsa-md5:5

Hi Simon,

When your software rejects any MD5 certificate I don't see why
you would use our colliding ones, doesn't it mean that you'll=20
have more explaining to do?
But when you want it this way, it's fine with me too.

Grtz,
Benne

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Technische Universiteit Eindhoven
Coding & Crypto Groep
Faculteit Wiskunde en Informatica
Den Dolech 2
Postbus 513
5600 MB Eindhoven
kamer:  HG 9.84
tel.:   (040) 247 2704, bgg 5141
e-mail: b.m.m.d.weger@tue.nl
www:    http://www.win.tue.nl/~bdeweger
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D


 =20

> -----Original Message-----
> From: Simon Josefsson [mailto:jas@extundo.com]=20
> Sent: dinsdag 24 oktober 2006 8:44
> To: Arjen Lenstra
> Cc: Weger, B.M.M. de; Stevens, M.M.J.
> Subject: Re: target collisions and colliding certificates=20
> with different identities
>=20
> "Arjen Lenstra" <arjen.lenstra@epfl.ch> writes:
>=20
> > Hi,
> > Thanks!
> > I can't speak for my coauthors, but it's all fine with me, though I
> > find the year in your proposed copyright statement a bit odd (I
> > would have expected 2006). There are no more authros involved.
>=20
> Thanks.  Duh, I meant 2006, of course.  I'd appreciate if Marc and
> Benne also replied.
>=20
> /Simon
>=20
> > best regards, Arjen Lenstra
> >
> > ----------------
> > Arjen K. Lenstra   a k l @ e p f l . c h
> > EPFL IC LACAL
> > INJ 330 (B=E2timent INJ)
> > Station 14
> > CH-1015 Lausanne, Switzerland
> > T=E9l: + 41 21 693 8101
> > Fax: + 41 21 693 7550
> > =20
> > =20
> >
> > -----Original Message-----
> > From: Simon Josefsson [mailto:jas@extundo.com]=20
> > Sent: Tuesday, October 24, 2006 8:28 AM
> > To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra
> > Subject: Re: target collisions and colliding certificates=20
> with different identities
> >
> > Great work, thanks!
> >
> > I'd like to include your certificates in GnuTLS, a TLS=20
> implementation
> > that supports X.509, as self-tests of the the certificate=20
> verification
> > logic.  Is this OK with you?
> >
> > Btw, Gnutls rejected the certificates, we already disable MD5 for
> > verification purposes. :)
> >
> > For our legal department, I'd like a clarification of the license on
> > the data, would you agree to release the certificates under the
> > following license?
> >
> >      Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra,=20
> Benne de Weger
> >
> >      Copying and distribution of this file, with or without=20
> modification,
> >      are permitted in any medium without royalty provided=20
> the copyright
> >      notice and this notice are preserved.
> >
> > Also, if any other authors contributed, they would have to agree to
> > this license as well.  Are there other authors?
> >
> > Best regards, and thanks in advance,
> > Simon
> >
> > "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes:
> >
> >> Hi all,
> >>
> >> We announce:
> >> - an example of a target collision for MD5; this means:=20
> >>   for two chosen messages m1 and m2 we have constructed=20
> >>   appendages b1 and b2 to make the messages collide=20
> >>   under MD5, i.e. MD5(m1||b1) =3D MD5(m2||b2);
> >>   said differently: we can cause an MD5 collision for=20
> >>   any pair of distinct IHVs;
> >> - an example of a pair of valid, unsuspicious X.509=20
> >>   certificates with distinct Distinguished Name fields,=20
> >>   but identical CA signatures; this example makes use=20
> >>   of the target collision.
> >>
> >> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/,
> >> where the certificates and a more detailed announcement=20
> >> can be found.
> >>
> >> Marc Stevens
> >> Arjen Lenstra
> >> Benne de Weger
>=20