[zeromq-dev] Proposal for ZeroMQ certificate format

Pieter Hintjens ph at imatix.com
Wed Oct 16 16:06:13 CEST 2013


On Wed, Oct 16, 2013 at 3:40 PM, shancat <shannenlaptop at gmail.com> wrote:

> Point 1 & 3 should be excluded. Why bother with high strength crypto like
> curve when it's easy to generate forged certificates in the first place?

It's not clear that it's easy or even possible. A forged certificate
would need to have the exact same size (the size is part of the
fingerprint line), while remaining valid and parseable.

We do agree on the need for fingerprinting? In that case I'd propose
we make an arbitrary-but-not-MD5 choice today, and continue on other
aspects. We're not the only ones with the problem. No matter what we
choose we're going to have to use something better in the future.

I suggest we use SHA512 truncated to 6 bytes, and prefixed by the
first 6 bytes of the sender's public key. To create a fraudulent
certificate an attacker would have to find a double collision.

-Pieter
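The fingerprint scheme proposed in the message above (the first 6 bytes of the sender's public key followed by 6 bytes of SHA-512 over the certificate body), as an added example that is not from this thread or from libzmq. The text layout, the `fingerprint =` line, and the sample key are assumptions constructed for the demonstration.

```python
import hashlib
import hmac

PUBKEY_LEN = 32   # CurveZMQ public keys are 32 bytes
PREFIX_LEN = 6    # first 6 bytes of the public key, as proposed
DIGEST_LEN = 6    # SHA-512 truncated to 6 bytes, as proposed

# Constructed sample key for the demo only; not a real Curve key.
SAMPLE_KEY = bytes(range(PUBKEY_LEN))


def fingerprint(public_key: bytes, body: bytes) -> str:
    """6 key bytes || first 6 bytes of SHA-512(body), hex encoded (24 chars)."""
    if len(public_key) != PUBKEY_LEN:
        raise ValueError("expected a 32-byte Curve public key")
    digest = hashlib.sha512(body).digest()[:DIGEST_LEN]
    return (public_key[:PREFIX_LEN] + digest).hex()


def build_certificate(public_key: bytes, metadata: dict) -> bytes:
    """Assumed layout: 'key = value' lines, the public key, then the fingerprint line."""
    body = b"".join(f"{k} = {v}\n".encode() for k, v in metadata.items())
    body += b"public-key = " + public_key.hex().encode() + b"\n"
    return body + b"fingerprint = " + fingerprint(public_key, body).encode() + b"\n"


def verify_certificate(cert: bytes) -> bool:
    """Recompute the fingerprint over everything before the fingerprint line.

    Any change to the body, including its length, changes the hash input,
    so the claimed fingerprint no longer matches.
    """
    marker = b"fingerprint = "
    idx = cert.rfind(marker)
    if idx < 0:
        return False
    body, claimed = cert[:idx], cert[idx + len(marker):].strip()
    public_key = None
    for line in body.splitlines():
        if line.startswith(b"public-key = "):
            try:
                public_key = bytes.fromhex(line[len(b"public-key = "):].decode())
            except ValueError:
                return False
    if public_key is None or len(public_key) != PUBKEY_LEN:
        return False
    expected = fingerprint(public_key, body).encode()
    # constant-time comparison avoids leaking how many leading bytes matched
    return hmac.compare_digest(expected, claimed)
```

A 6-byte digest gives at most 48 bits of second-preimage resistance (and far less against collisions), so treat it as a check against corruption and careless tampering rather than as a substitute for verifying the full public key.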
