[Security] Rogue CAs

Ralph J.Mayer rmayer at vinotech.de
Wed Dec 31 10:58:23 CST 2008


> I sort of agree with this. Remember that this is a collision attack, so
> it's only useful to the extent to which CAs continue to issue certificates
> with MD5. My understanding is that all the remaining such CAs are
> phasing it out *very* quickly if they haven't already done so.

We'll see if they learned their lesson when sha1 is as broken as md5.


rm


More information about the Security mailing list