On Dec 30, 4:49 pm, Chris Hills <c...@chaz6.com> wrote: > On 30/12/08 17:47, Nelson B Bolyard wrote: > > > I meant to add: The paper with the real facts is seen at > >http://www.win.tue.nl/hashclash/rogue-ca/ > > In the meantime, could a list of the affected CA's be made available so > that we may remove the trust bits from our own certificate stores?
...also note that (at least some of) Eddy Nigg's StartCom certs/ intermediates (StartCom Class 3 Primary Intermediate Free CA I've checked) are affected. The Networking4All checker confirms this for at least the *.startcom.org cert: https://www.networking4all.com/en/support/tools/site+check/?fqdn=www.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto