@cybergibbons > we currently do not think that such an attack would be useful at all. When you've been caught thinking it's OK to distribute the private key for a CA signed cert, what you think about the applicability of an attack doesn't carry a lot of weight. It's quite a grudging post