First case is worrying, in that it means the root private key isn't offline or air-gaped. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
- RE: OCSP Responders Are An Attack Vector For SHA-1 ... Yuhong Bao
- Re: OCSP Responders Are An Attack Vector For SH... Rob Stradling
- Re: OCSP Responders Are An Attack Vector For SHA-1 ... Jakob Bohm
- RE: OCSP Responders Are An Attack Vector For SH... Peter Gutmann
- Re: OCSP Responders Are An Attack Vector For SH... Peter Bowen
- Re: OCSP Responders Are An Attack Vector For SH... Jakob Bohm
- Re: OCSP Responders Are An Attack Vector For SH... Andrew Ayer
- RE: [FORGED] Re: OCSP Responders Are An Att... Peter Gutmann
- Re: OCSP Responders Are An Attack Vect... Andrew Ayer
- Re: OCSP Responders Are An Attack Vector For SHA-1 Collision... Andrew Ayer
- OCSP Responders Are An Attack Vector For SHA-1 Collisions Erwann Abalea
- Re: OCSP Responders Are An Attack Vector For SHA-1 Collision... tomasshredder