[Cryptography] ALPACA

Viktor Dukhovni cryptography at dukhovni.org
Fri Jun 11 02:14:40 EDT 2021


> On 10 Jun 2021, at 12:52 am, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> 
> They do however contain usage indicators (e.g. usable for email but not for 
> running a web server), but everything pretty much ignores those so the 
> attack is still possible.

The above is misleading.  The "email" usages are for S/MIME, not TLS.
The "web server usage" is really TLS server usage, and so SMTP servers
that do STARTTLS are in the same bucket as HTTPS servers.

OpenSSL does not ignore extended key usage, but this can't help to
distinguish between SMTP, IMAP, POP, FTP, TELNET or Web Servers
employing TLS.  The TLS EKU is all-encompassing.

-- 
	Viktor.
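
The point made in the reply above, as an added example that is not part of the original post and is not OpenSSL's code: a simplified model of the extended key usage decision that DER-decodes an EKU extension value and checks for id-kp-serverAuth. The function names, the treatment of an absent extension as unrestricted (per RFC 5280), and the constructed sample bytes are assumptions of this sketch.

```python
# Added illustration: simplified model of the EKU decision, not OpenSSL's code.
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"       # id-kp-serverAuth (RFC 5280)
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"  # id-kp-emailProtection (S/MIME)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode DER OID content octets into dotted-decimal form."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)        # first two arcs share one value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_eku(ext_value):
    """ExtKeyUsageSyntax ::= SEQUENCE OF KeyPurposeId (OBJECT IDENTIFIER)."""
    tag, seq, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("EKU value is not a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, body, pos = read_tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("EKU member is not an OID")
        oids.append(decode_oid(body))
    return oids

def tls_server_eku_ok(ext_value):
    """No EKU extension (None) means unrestricted; otherwise need serverAuth."""
    return ext_value is None or SERVER_AUTH in parse_eku(ext_value)

# Constructed sample extension values (not taken from real certificates).
EKU_SERVER = bytes.fromhex("300a06082b06010505070301")
EKU_SMIME = bytes.fromhex("300a06082b06010505070304")
SERVICES = ("SMTP", "IMAP", "POP", "FTP", "TELNET", "HTTPS")

def verdicts(ext_value):
    """The check takes no service argument, so every service gets one answer."""
    return {svc: tls_server_eku_ok(ext_value) for svc in SERVICES}
```

An S/MIME-only EKU is rejected for every TLS service, while a serverAuth EKU is accepted for every one of them, since the check has no input that names the application protocol.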


