On Tue, Aug 16, 2016 at 10:22:36PM -0700, [email protected] wrote:
> and have been issuing SHA-256 SSL certificates under "Hongkong Post e-Cert
> CA 1- 14" and "Hongkong Post e-Cert CA 1 - 15" respectively

"respectively" in what sense?

> This certificate is a client certificate issued to a person for private
> use such as digital signature and encryption of electronic messages, but
> not for SSL server communication.

What mitigations are in place to prevent someone from using a chosen prefix attack to obtain a valid signature issued under this CA which is also valid for a certificate which *could* be used for SSL server communication?

- Matt

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

