http://matasanochargen.disqus.com/enMon, 25 Sep 2006 15:41:48 -0000http://www.matasano.com/log/501/rsa-signature-forgery-explained-with-nate-lawson-part-iv/#comment-2320548<p>Matt:</p><p>I'm unaware of any changes in the root certs. We won't know for another 3-6 months, my guess. It takes a while for them to make a CRL, get it into IE and Firefox, etc.</p><p>The tone we used was more one of wishful thinking than future certainty. :)</p>NateMon, 25 Sep 2006 15:41:48 -0000http://www.matasano.com/log/501/rsa-signature-forgery-explained-with-nate-lawson-part-iv/#comment-2320547<p>nice. :-)</p><p>I am by no means a security specialist, but I love your blog and find it VERY interesting. Keep up the excelent work.</p><p>-Emmanuel</p>Emmanuel Leroux SandersTue, 19 Sep 2006 12:37:51 -0000http://www.matasano.com/log/501/rsa-signature-forgery-explained-with-nate-lawson-part-iv/#comment-2320546<p>Great summary Thomas, thanks for taking the time to fill in the blanks.</p>WilliamTue, 19 Sep 2006 10:55:51 -0000http://www.matasano.com/log/501/rsa-signature-forgery-explained-with-nate-lawson-part-iv/#comment-2320545<blockquote>However, we have started eliminating the few e=3 root certificates. That was a good idea.</blockquote><p></p><p>Are the commercial CAs which deployed e=3 root certs (Entrust, <strike>Digital Signature Trust Co.</strike> IdenTrust, others?) known to be doing anything about this snafu?</p>MattMon, 18 Sep 2006 15:57:25 -0000