On 19/07/16 15:44, Erwann Abalea wrote:
> There’s no need to collide SHA2 with this scheme.
> The attacker can know in advance what the serial number will be; it may
> not be sequential, but is nevertheless predictable. So the attacker

But the attacker can only know the serial number when the entire
remainder of the certificate is fixed. So how can they tweak it to
enable the attack? If they tweak it, the serial number changes.

Gerv
