-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good question. Confirmed on Linux version as well (Mozilla/5.0 (X11; U;
Linux i686; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6).

More information about the rogue-CA can be found here:
http://www.phreedom.org/research/rogue-ca/.

# openssl x509 -in MD5CollisionsInc.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 66 (0x42)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
        Validity
            Not Before: Jul 31 00:00:01 2004 GMT
            Not After : Sep 2 00:00:01 2004 GMT
        Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ba:a6:59:c9:2c:28:d6:2a:b0:f8:ed:9f:46:a4:
                    a4:37:ee:0e:19:68:59:d1:b3:03:99:51:d6:16:9a:
                    5e:37:6b:15:e0:0e:4b:f5:84:64:f8:a3:db:41:6f:
                    35:d5:9b:15:1f:db:c4:38:52:70:81:97:5e:8f:a0:
                    b5:f7:7e:39:f0:32:ac:1e:ad:44:d2:b3:fa:48:c3:
                    ce:91:9b:ec:f4:9c:7c:e1:5a:f5:c8:37:6b:9a:83:
                    de:e7:ca:20:97:31:42:73:15:91:68:f4:88:af:f9:
                    28:28:c5:e9:0f:73:b0:17:4b:13:4c:99:75:d0:44:
                    e6:7e:08:6c:1a:f2:4f:1b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                A7:04:60:1F:AB:72:43:08:C5:7F:08:90:55:56:1C:D6:CE:E6:38:EB
            X509v3 Authority Key Identifier:
                keyid:BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C
            Netscape Comment:
                3
    Signature Algorithm: md5WithRSAEncryption
        a7:21:02:8d:d1:0e:a2:80:77:25:fd:43:60:15:8f:ec:ef:90:
        47:d4:84:42:15:26:11:1c:cd:c2:3c:10:29:a9:b6:df:ab:57:
        75:91:da:e5:2b:b3:90:45:1c:30:63:56:3f:8a:d9:50:fa:ed:
        58:6c:c0:65:ac:66:57:de:1c:c6:76:3b:f5:00:0e:8e:45:ce:
        7f:4c:90:ec:2b:c6:cd:b3:b4:8f:62:d0:fe:b7:c5:26:72:44:
        ed:f6:98:5b:ae:cb:d1:95:f5:da:08:be:68:46:b1:75:c8:ec:
        1d:8f:1e:7a:94:f1:aa:53:78:a2:45:ae:54:ea:d1:9e:74:c8:
        76:67

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center

On 03/19/2010 04:22 PM, Francis Litterio wrote:
> In Firefox 3.6 for Windows, go to Tools -> Options -> Advanced -> Encryption ->
> View Certificates -> Authorities and scroll down to the entry for "Equifax
> Secure Inc." and you'll see a cert labeled "MD5 Collisions Inc
> (http://www.phreedom.org/md5)" grouped with the other Equifax certs.
>
> Yes, it's expired, so it poses no real threat, but why is the Mozilla Project
> shipping Firefox with that cert? It just causes FUD.
> --
> Fran
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkunqlwACgkQnvIkv6fg9hZ9xgCeN2pHJd7cR/K0XoLAI4MKSR7P
6TsAn2gJ5czYDikEK25OcVsZngS/lGIN
=xb7R
-----END PGP SIGNATURE-----
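
An added example, not part of the original messages: a Python check that parses `openssl x509 -noout -text` output such as the dump above and reports the three properties the thread turns on (MD5-based signature, CA:TRUE, expired validity). The sample text is abridged from that dump with the key and signature bytes left out; the function names and finding labels are hypothetical.

```python
import re
from datetime import datetime, timezone

# Signature algorithms whose hash is considered collision-prone for certificates.
WEAK_SIG_ALGS = {"md2WithRSAEncryption", "md5WithRSAEncryption"}

# Abridged from the dump in the message above (modulus and signature bytes omitted).
SAMPLE_DUMP = """\
Certificate:
    Data:
        Serial Number: 66 (0x42)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
        Validity
            Not Before: Jul 31 00:00:01 2004 GMT
            Not After : Sep  2 00:00:01 2004 GMT
        Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
"""

def field(dump, label):
    """Return the value of the first 'label: value' line, or None if absent."""
    m = re.search(rf"^[ \t]*{re.escape(label)}[ \t]*:[ \t]*(.+)$", dump, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit(dump, now=None):
    """Flag a weak signature hash, CA capability and expiry in one text dump."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if field(dump, "Signature Algorithm") in WEAK_SIG_ALGS:
        findings.append("weak-signature-hash")
    if re.search(r"^[ \t]*CA:TRUE", dump, re.MULTILINE):
        findings.append("ca-capable")
    not_after = field(dump, "Not After")
    if not_after:
        # openssl prints e.g. "Sep  2 00:00:01 2004 GMT"; treat it as UTC.
        expiry = datetime.strptime(not_after.replace(" GMT", ""), "%b %d %H:%M:%S %Y")
        if expiry.replace(tzinfo=timezone.utc) < now:
            findings.append("expired")
    return {"subject": field(dump, "Subject"), "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE_DUMP))
```

To audit a whole trust store, feed each certificate's text dump to `audit()` and review any entry that is both `weak-signature-hash` and `ca-capable`.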