this
> attack, which creates two new docs with a new hash, to do, well, anything?
1. Create a certificate C[ert] for a single domain you control with hash h(C).
2. Create a second certificate A[ttack] marked as a certificate
authority such that h(C) = h(A).
3. Have a certificate authority sign cert C.
4. Present the signature for A along with A for whatever nefarious
purpose you want.
See a similar version of this attack here using MD5 chosen-prefix
collision attack: https://www.win.tue.nl/hashclash/rogue-ca/
--
Eitan Adler
cache will be stale at this point)?
If clients can't get one TTL correct what makes you think they will
get a more complicated two TTL system correct?
--
Eitan Adler
chain of DNS resolution and caching down to
the browser.
--
Eitan Adler
On 10 April 2016 at 12:33, wrote:
> Who cares what his motivations are unless he asks for help with that
> underlying problem?
See Also: http://xyproblem.info/
--
Eitan Adler
?
>
> I looked at PagerDuty, but they don't do any SNMP trap parsing, and nothing
> with set/clear.
https://github.com/dropbox/trapperkeeper ?
--
Eitan Adler
> See Ken Thompson's classic paper "Reflections on trusting trust",
Also see David A Wheeler's "Countering Trusting Trust through Diverse
Double-Compiling"
--
Eitan Adler