Andrew Ayer Jan 7
You calculate a SHA-1 chosen prefix and you choose to attack the PGP Web-of-Trust!? Come on, forge an OCSP response from a publicly-trusted CA instead!
Andrew Ayer
I haven't scanned OCSP responders in a while, but I'm sure there are still CAs signing OCSP responses with SHA-1, because it was never forbidden, and CAs will keep doing something dangerous as long as it's not forbidden.
Andrew Ayer Jan 7
Replying to @__agwa
Hopefully the SHA-1 OCSP responses are all signed from a sub-CA technically constrained to OCSP (as required by Mozilla policy) so it can't be used to forge an actual certificate.