Comment Re:An entire generation will be thinking (Score 0, Troll) 150
Die, Dora, die!
Die, Dora, die!
Yeah, parent comment is correct. MD5 roots are not important *yet*, though they may be an issue in the future when MD5 collisions can be created arbitrarily (versus using birthday attacks).
MD5 certs anywhere in the chain (with the exception of the trusted root) mean that the certificate is suspicious *today*.
If you blacklist all CA's that use MD5 hashes in the root, you are likely safe (unless there's an unsafe intermediate somewhere).
IMHO, this needs a browser fix to mark any certificate with MD5 in its chain as potentially untrusted.
It's a problem for all websites. All you need to do is forge a certificate from Amazon that uses MD5 and redirect someone's browser via Wifi hacking or DNS redirection.
The browser doesn't know that Amazon didn't use Verisign's busted MD5 cert root.
Zing!
But nature has a lot longer than us to retaliate. It's like that creepy guy in the office you pissed off a few years ago - he's just waiting for the right time to get you back.
Like I always said: "It's always a tough choice between cure and death squad."
The answer is simple: anti-arthritis death sqauds. If you end up with arthritis, we kill you and your whole family.
It's obvious- why hasn't anyone implemented it yet?
These days, cross-browser issues fall into two camps:
- IE and everyone else
- Minor intepretations of the spec that are easy to fix
The first ones are pretty insidious - you end up tweaking things so far for IE that it breaks the standard browsers. Examples: hasLayout, iframe contentDocument, etc.
The second ones are easy to fix. Usually it's a corner case anyways.
One point four jiggapixels? One point four jiggapixels?? Great scott!
There are two ways to write error-free programs; only the third one works.