Hi,

> Assumes you run an updated browser, right?

I think the cert was blacklisted immediately after the publication/talk, that means at least 4 years ago. At least in IE, the auto-update may have helped. Not sure about the Fox. There really is nothing we can do for users that haven't updated since. Any 2nd Web site they may visit may exploit those old vehicles.

> Blacklisting isn't part of the PKIX trust model, but a band-aid used to
> fix the lack of deployed/able revocation.

Tell me something new. ;-) Although in fact, the whole thing goes much deeper. A broken hash algorithm means root cert-like compromise as it means the capacity to imitate a correct signature by a root cert. There is no fix for this but blacklisting. Not in any model with TTPs, by the way.

Ralph

--
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
