"And Jesus H. Tap Dancing Christ, what the F is RSA doing on that list?"
Getting smeared! (sigh)
The CA identified by Sotirov et al as owned by "RSA Data Security" was actually RSA's original "Secure Server Certification Authority." It was legally transferred from RSADSI to VeriSign back in 1995, when RSA spun off VeriSign as an independent entity. (Apparently the designated names of root CAs can't be changed while they are operational.)
RSA, now part of EMC, still runs two root CAs, both of which use SHA1 digests.
This is an all-VeriSign show. All the CAs listed as potentially vulnerable to an MD5 collision attack are owned or controlled by VeriSign.
Keep the number of passes in a compiler to a minimum. -- D. Gries