On Fri, Sep 13, 2013 at 10:51 PM, Kurt Roeckx wrote: > A self-signed cert's signature algorithm really isn't that > important. You either trust that cert or you don't. Surely this work would apply to self-signed certs too? http://www.win.tue.nl/hashclash/rogue-ca/ -- bye, pabs http://wiki.debian.org/PaulWise