All,

Today Hanno Böck blogged about performing surgery on ASN.1-encoded RSA private keys to make them appear to correspond to a target certificate's public key, and using the franken-key file to appear to legitimately hold the private key of that target certificate.

https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html

The franken-key is quite convincing to casual inspection. Always check when making trust decisions.

J.C.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
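
One way to run the check the message asks for, as an added example that is not part of the original message or of the linked blog post: test that the RSA private key fields agree with each other and with the certificate, instead of only comparing the public fields. It assumes the integers have already been decoded from the ASN.1 structure and models the franken-key as a key whose n and e were overwritten with the target's; the function name, dict keys and toy values are constructed for illustration.

```python
from math import gcd

def check_rsa_private_key(key, cert_n, cert_e):
    """Return the list of failed checks; empty means the private key fields
    are mutually consistent and belong to the certificate's public key."""
    n, e, d, p, q = (key[k] for k in ("n", "e", "d", "p", "q"))
    if min(p, q) < 3:
        return ["p or q too small"]
    failures = []
    # Comparing only these two fields is what a transplanted key is built to pass.
    if (n, e) != (cert_n, cert_e):
        failures.append("public fields differ from certificate")
    if p * q != n:
        failures.append("p*q != n")
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if (e * d) % lam != 1:
        failures.append("e*d != 1 mod lcm(p-1, q-1)")
    if key["dp"] != d % (p - 1) or key["dq"] != d % (q - 1):
        failures.append("CRT exponents inconsistent with d")
    if (key["qinv"] * q) % p != 1:
        failures.append("qinv is not the inverse of q mod p")
    # Textbook (unpadded) RSA round trip, used only as a consistency test:
    # apply the private exponent, then undo it with the certificate's key.
    m = 42
    if pow(pow(m, d, n), cert_e, cert_n) != m:
        failures.append("round trip against certificate key failed")
    return failures

# Constructed toy values (far too small for real use).
OWN_KEY = dict(n=3233, e=17, d=413, p=61, q=53, dp=53, dq=49, qinv=38)
OWN_CERT = (3233, 17)
TARGET_CERT = (3337, 17)          # public key of someone else's certificate
# The same private fields with the public fields overwritten by the target's.
TRANSPLANTED = dict(OWN_KEY, n=TARGET_CERT[0], e=TARGET_CERT[1])

if __name__ == "__main__":
    print(check_rsa_private_key(OWN_KEY, *OWN_CERT))
    print(check_rsa_private_key(TRANSPLANTED, *TARGET_CERT))
```

The transplanted key passes the public-field comparison and every check that involves only d, p and q; it is caught by the product test and the round trip, which are the checks that tie the private fields to the modulus.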