[Top] [All Lists]

Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CAcertificate

2009-01-05 09:34:40
Ben Laurie wrote:

I am not suggesting that we should fix X.509, I am pointing out, in my
own roundabout way, that X.509 certs are supposed to have a canonical
form. But it seems they do not.

That was last month's major discussion on PKIX. The upshot: there's no canonical form other than what's in memory.

-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature