You calculate a SHA-1 chosen prefix and you choose to attack the PGP Web-of-Trust!? Come on, forge an OCSP response from a publicly-trusted CA instead! https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg02999.html … https://sha-mbles.github.io/
-
-
Hi Andrew, I understood that the Ocsp answer must be issued from the same sub-ca that issues the final certificate... Is your sentence 100% correct? Thanks!
-
Yes, I'm correct. See Section 2.6 of RFC6960.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.