MD5 Considered Harmful Today - Creating A Rogue CA Certificate. The authors of this paper have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept they executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows them to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.
