On 30/12/08 18:08, Nelson B Bolyard wrote:
> Chris Hills wrote, On 2008-12-30 08:49:
>> On 30/12/08 17:47, Nelson B Bolyard wrote:
>>> I meant to add: The paper with the real facts is seen at
>>> http://www.win.tue.nl/hashclash/rogue-ca/
>>
>> In the meantime, could a list of the affected CA's be made available so
>> that we may remove the trust bits from our own certificate stores?
>
> It's in section 5.1 of that paper

Thanks. For the convenience of readers here, it reads as follows:-

RapidSSL
    C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1

FreeSSL (free trial certificates offered by RapidSSL)
    C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network,
    OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications

TC TrustCenter AG
    C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data
    Networks GmbH, OU=TC TrustCenter Class 3
    CA/emailaddress=certific...@trustcenter.de

RSA Data Security
    C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority

Thawte
    C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
    OU=Certification Services Division, CN=Thawte Premium Server
    CA/emailaddress=premium-ser...@thawte.com

verisign.co.jp
    O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International
    Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY
    LTD.(c)97 VeriSign

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto