[Security] Rogue CAs
Jonathan Schleifer
js-xmpp-security at webkeks.org
Wed Dec 31 11:52:11 CST 2008
"Eric Rescorla" <ekr at rtfm.com> wrote:
> It seems to me that this goes to the heart of whether this is a
> serious threat or
> just a demonstration. So, again: are you aware of a CA which is
> widely trusted and is actually vulnerable to this form of collision
> attack?
As said before, that doesn't even matter much whether they fixed it or
now, as the old root CAs are still out there and there are not working
revocation lists.
--
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20081231/706acff6/attachment.pgp
More information about the Security
mailing list