> 1. Create a certificate C[ert] for a single domain you control with hash h(C).
> 2. Create a second certificate A[ttack] marked as a certificate authority such that h(C) = h(A).
> 3. Have a certificate authority sign cert C.
> 4. Present the signature for A along with A for whatever nefarious purpose you want.

Luckily, step 2 can be done in a minute on a Raspberry Pi.