27 Feb 2017, 4:03 a.m.
1. Create a certificate C[ert] for a single domain you control with hash h(C).
2. Create a second certificate A[ttack] marked as a certificate authority such that h(C) = h(A).
3. Have a certificate authority sign cert C.
4. Present the signature for A along with A for whatever nefarious purpose you want.
luckily, step 2 can be done in a minute on a raspberry pi
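
Added example, not part of the original posts: a toy model of why the four steps work, namely that the CA's signature covers only the digest, so it verifies for any body with the same digest and fails to transfer once the digest is collision-resistant. Everything here is constructed for illustration: the 24-bit `weak_hash` stands in for a broken hash, the RSA key is a toy built from two Mersenne primes, and the `CN=...;CA=...;pad=...` strings stand in for certificate bodies.

```python
import hashlib
from itertools import count

# Toy RSA key for the constructed CA (far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def weak_hash(data: bytes) -> int:
    """Stand-in for a broken hash: SHA-256 truncated to 24 bits."""
    return int.from_bytes(hashlib.sha256(data).digest()[:3], "big")

def strong_hash(data: bytes) -> int:
    """Collision-resistant digest, cut to 88 bits only so it fits the toy key."""
    return int.from_bytes(hashlib.sha256(data).digest()[:11], "big")

def ca_sign(tbs: bytes, h) -> int:
    """The CA signs the digest of the to-be-signed bytes, not the bytes."""
    return pow(h(tbs), D, N)

def verify(tbs: bytes, sig: int, h) -> bool:
    """Relying party: recompute the digest and compare with the signed one."""
    return pow(sig, E, N) == h(tbs)

def colliding_pair():
    """Steps 1-2: vary padding until a leaf body and a CA body share a weak digest."""
    leaf = {}
    for i in range(1 << 13):
        body = b"CN=example.test;CA=FALSE;pad=%d" % i
        leaf[weak_hash(body)] = body
    for j in count():
        body = b"CN=example.test;CA=TRUE;pad=%d" % j
        if weak_hash(body) in leaf:
            return leaf[weak_hash(body)], body

def demo():
    cert_c, cert_a = colliding_pair()
    sig_weak = ca_sign(cert_c, weak_hash)      # step 3: CA signs only C
    sig_strong = ca_sign(cert_c, strong_hash)  # same request, sound digest
    # Step 4: does the signature issued for C also verify for A?
    return (cert_c, cert_a,
            verify(cert_a, sig_weak, weak_hash),
            verify(cert_a, sig_strong, strong_hash))

if __name__ == "__main__":
    c, a, weak_ok, strong_ok = demo()
    print(c, a, "weak digest accepts A:", weak_ok, "strong digest accepts A:", strong_ok)
```

The practical takeaway for verifiers and CAs is the second boolean: refusing signatures made over a collision-prone digest is what breaks step 4.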