Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uunet!aplcen!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!tut.cis.ohio-state.edu!ucbvax!hplabs!otter!csi
From: csi@otter.hpl.hp.com (Colin I'Anson)
Newsgroups: comp.protocols.iso
Subject: Re: Re: X.509 vulnerabilities
Message-ID: <3680002@otter.hpl.hp.com>
Date: 2 Jan 90 07:58:08 GMT
References: <891220084050.22200126@CCC.NMFECC.GOV>
Organization: Hewlett-Packard Laboratories, Bristol, UK.
Lines: 22

There are a number of serious errors in X.509 which have already been
reported to the CCITT defect editors.  Althought I don't know how they
have been resolved a list of the defects known to me might be of use to
others(!)

1. The use of the mod square hash and RSA is not secure
2. The third part of 3 way authentication does not provide the 
   purported service
3. The token structure, where encrypted data is signed, can be
   attacked and ownership of the data changed
4. Incorrect conditions for the constraints on the use of RSA
5. Over-restricitive definition of digital signatures

Items 1-3 are serious, 4 and 5 minor.  (5 might be considered to be
an enhancement.)

If you would like more details please e-mail me - if there is a large
response, I will probably post a general answer ...

Colin I'Anson

... and you can't prove I worked on X.509