Duane wrote:
Duane wrote:
anyone else see this pdf?
http://eprint.iacr.org/2005/067.pdf
more...
http://www.win.tue.nl/~bdeweger/CollidingCertificates/
My understanding following chit chat on crypto groups was that they had not been able to create the *keys* for the colliding certs - have you seen that part?
Whether they can create the keys is an open and important question. If they cannot, then the cert is useless (but annoying). If they can, then the cert is broken. In simple terms...
Perhaps you should have read the second link a little better, not only do they claim colliding keys, but actually posted them to their website...
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
