"Eric Rescorla" <[email protected]> wrote: > It seems to me that this goes to the heart of whether this is a > serious threat or > just a demonstration. So, again: are you aware of a CA which is > widely trusted and is actually vulnerable to this form of collision > attack?
As said before, that doesn't even matter much whether they fixed it or now, as the old root CAs are still out there and there are not working revocation lists. -- Jonathan
signature.asc
Description: PGP signature
