http://matasanochargen.disqus.com/enMon, 25 Sep 2006 15:41:48 -0000http://www.matasano.com/log/501/rsa-signature-forgery-explained-with-nate-lawson-part-iv/#comment-2320548Matt:<br><br>I'm unaware of any changes in the root certs. We won't know for another 3-6 months, my guess. It takes a while for them to make a CRL, get it into IE and Firefox, etc.<br><br>The tone we used was more one of wishful thinking than future certainty. :)NateMon, 25 Sep 2006 15:41:48 -0000http://www.matasano.com/log/501/rsa-signature-forgery-explained-with-nate-lawson-part-iv/#comment-2320547nice. :-)<br><br>I am by no means a security specialist, but I love your blog and find it VERY interesting. Keep up the excelent work.<br><br>-EmmanuelEmmanuel Leroux SandersTue, 19 Sep 2006 12:37:51 -0000http://www.matasano.com/log/501/rsa-signature-forgery-explained-with-nate-lawson-part-iv/#comment-2320546Great summary Thomas, thanks for taking the time to fill in the blanks.WilliamTue, 19 Sep 2006 10:55:51 -0000http://www.matasano.com/log/501/rsa-signature-forgery-explained-with-nate-lawson-part-iv/#comment-2320545<blockquote>However, we have started eliminating the few e=3 root certificates. That was a good idea.</blockquote><br><br>Are the commercial CAs which deployed e=3 root certs (Entrust, &lt;strike&gt;Digital Signature Trust Co.&lt;/strike&gt; IdenTrust, others?) known to be doing anything about this snafu?MattMon, 18 Sep 2006 15:57:25 -0000