|
@__agwa | |||||
|
You calculate a SHA-1 chosen prefix and you choose to attack the PGP Web-of-Trust!? Come on, forge an OCSP response from a publicly-trusted CA instead! mail-archive.com/dev-security-p…
sha-mbles.github.io
|
||||||
|
||||||
|
Andrew Ayer
@__agwa
|
7. sij |
|
I haven't scanned OCSP responders in a while, but I'm sure there are still CAs signing OCSP responses with SHA-1, because it was never forbidden, and CAs will keep doing something dangerous as long as it's not forbidden.
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
7. sij |
|
Hopefully the SHA-1 OCSP responses are all signed from a sub-CA technically constrained to OCSP (as required by Mozilla policy) so it can't be used to forge an actual certificate.
|
||
|
|
||