On 06/04/2019 03.01, Lijun Liao via dev-security-policy wrote:
> 5. Related to how the MD5 attacks you might be right. But theoretically,
> and also in practice, if you have enough bits to play and the hash
> algorithm is not cryptographically secure, you can find a collision with
> less
On 11/04/2019 04:47, Santhan Raj wrote:
On Wednesday, April 10, 2019 at 5:53:45 PM UTC-7, Corey Bonnell wrote:
On Wednesday, April 10, 2019 at 7:41:33 PM UTC-4, Nick Lamb wrote:
(Resending after I typo'd the ML address)
At the risk of further embarrassing myself in the same week, while
True, we don't know their intentions but we can at least assume they would
need private keys to use said certificates with any properly implemented
user agent.
Ryan Hurst
(personal capacity)
On Thu, Apr 11, 2019 at 6:12 PM Peter Gutmann
wrote:
> admin--- via dev-security-policy
> writes:
>
>
admin--- via dev-security-policy writes:
>The risk here, of course, is low in that having a certificate you do not
>control a key for doesn't give you the ability to do anything.
As far as we know. Presumably someone has an interesting (mis)use for it
otherwise they wouldn't have bothered
Unfortunately, the BRs make no stipulation on how Proof of Possession is done
(https://github.com/cabforum/documents/blob/master/docs/BR.md#321-method-to-prove-possession-of-private-key).
Most CAs, in my experience, simply treat the signature on the CSR as sufficient
to demonstrate control of a
在 2019年4月11日星期四 UTC+8上午7:41:33,Nick Lamb写道:
> (Resending after I typo'd the ML address)
>
> At the risk of further embarrassing myself in the same week, while
> working further on mimicking Firefox trust decisions I found this
> pre-certificate for Arabtec Holding PJSC:
>
>
6 matches
Mail list logo
