-
1. do I trust this party to create a measurement (this isn't that important, I suspect, as we should always verify!)
2. do I trust this party to verify the measurement?
3. do I trust this party to a…
-
**Description**
I signed an image including a timestamp from Digicert (using http://timestamp.digicert.com).
To verify that signature I had to get the TSA certificate that they publish. For exam…
-
It works on Windows, but on Linux there is a different behavior that seems actually normal, see below.
Failed tests:
- CryptoUtilsTests.TestValidateTrustChainSubAnchor() line 66
- AuthenticatorAt…
-
# Open Grant Proposal: `LOCKB0X: Chain-Agnostic File Encryption, Viewing, and Permanent Storage`
**Project Name:** LOCKB0X
**Proposal Category:** Storage
**Entity Name:** Individual
**Proposer:*…
-
The way DMDirc checks certificates is completely wrong.
It doesn't verify that the certificates presented actually chain together (the server could give a self-signed cert for itself, then an unrel…
-
First of all, thank you very much for this publication!
I couldn't resist playing around with it but I found some inconsistencies/issues/side-effects when using `CiValidateFileObject` against a cus…
-
[LE is going to switch the default certificate chain to its own ISRG Root X1 in January 2021][otf], but still offers an alternative chain to the DST Root X3. Users might want to use that since the DST…
-
When I connect to our SQL Server via SimplySQL 1.9.0 or 1.9.1, it works fine, regardless of my connection string. When I run the exact same script but specify the use of SimplySQL version 2.0.2.70 or …
-
**Github username:** --
**Twitter username:** --
**Submission hash (on-chain):** 0xdff42b8b76f2945d5968f5536a067e9dc9554799d1cd75cb4ed9f1a3de2046ab
**Severity:** low
**Description:**
**Description**…
-
> **Unnecessary word of caution:** Explicitly only for the _test cases_ involving cryptographic code paths.
An example of this might include an end-to-end "integration" test with a generated QR ima…