Bonjour, > Le 9 sept. 2015 ? 14:17, Georgi Guninski <guninski at guninski.com> a ?crit : > > On Wed, Sep 09, 2015 at 12:07:43PM +0000, Viktor Dukhovni wrote: >>> >>> Are you saying I can't sign the cert with another cert >>> (the pubkey is easy to extract from the cert) with openssl? >> >> If you control a trusted root CA, or an intermediate CA issued >> (possibly indirectly) by a trusted root CA, you can sign anything >> you want and it will be trusted. The fact that malfeasant CAs can >> compromise security is not new. >> >> If you don't control a trusted CA, what significance would such a >> signature carry? Yes, most certificates (sometimes constrained by >> KeyUsage) can be used for signing, but unless "CA=true", they can't >> be used to sign other certificates that will be trusted by peers. >> > > I am gonna leave this list very soon. > > Feel free to CC me with answer: > > If I am CA and sign cert requests with vanilla openssl, > will I sign a composite $q$? If you?re a CA and sign cert requests, you?re responsible to check the public key you?re signing. You could also sign an RSA key with e=1 or a dumb modulus, and it?s not a backdoor in RSA or OpenSSL.
