Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-25 Thread Steven M. Bellovin
On Fri, 22 Sep 2006 17:01:31 -0700 (PDT), Gregory Hicks [EMAIL PROTECTED] wrote: On Fri, Sep 22, 2006 at 11:39:51PM +, Fergie wrote: Hmmm. It wouldn't have anything to do with prime numbers, now would it? :-) Well, yes, but there are an infinite number of them. Of

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-22 Thread Alexander Gall
On Thu, 21 Sep 2006 12:41:41 -0400, Steven M. Bellovin [EMAIL PROTECTED] said: Paul, what exponent does the new key use? (I clicked on the public key link, but I can't decode the base64 that easily...) Here's a fairly simple way to extract e: $ for rdata in `dig dlv.isc.org. dnskey +short

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-22 Thread Joseph S D Yao
On Thu, Sep 21, 2006 at 01:37:40PM -0400, Steven M. Bellovin wrote: On 21 Sep 2006 17:01:45 +, Paul Vixie [EMAIL PROTECTED] wrote: Paul, what exponent does the new key use? (I clicked on the public key link, but I can't decode the base64 that easily...) it was made with bind9's

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-22 Thread Fergie
Hmmm. It wouldn't have anything to do with prime numbers, now would it? :-) - ferg -- Joseph S D Yao [EMAIL PROTECTED] wrote: [snip] Steve has pointed out that 3 is recommended for DNSSEC, and NIST likes 65537 [2^16 + 1]. I don't have the maths to say why, so I'll leave it at that. --

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-22 Thread Joseph S D Yao
On Fri, Sep 22, 2006 at 11:39:51PM +, Fergie wrote: Hmmm. It wouldn't have anything to do with prime numbers, now would it? :-) Well, yes, but there are an infinite number of them. Of course, 17 is the most prime of them all. -- Joe Yao

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-22 Thread Gregory Hicks
Date: Fri, 22 Sep 2006 19:55:39 -0400 From: Joseph S D Yao [EMAIL PROTECTED] To: Fergie [EMAIL PROTECTED] Cc: nanog@merit.edu Subject: Re: fyi-- [dns-operations] early key rollover for dlv.isc.org On Fri, Sep 22, 2006 at 11:39:51PM +, Fergie wrote: Hmmm. It wouldn't have anything

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-22 Thread Steven M. Bellovin
On Fri, 22 Sep 2006 19:29:31 -0400, Joseph S D Yao [EMAIL PROTECTED] wrote: Not having committed the maths to heart, I might be able to explain it a little differently. Well, yes, I did just teach the RSA equations to my Network Security class --Steven M. Bellovin,

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-22 Thread Fergie
But of course. So ask yourself; What is special about 3 and 65537? - ferg -- Joseph S D Yao [EMAIL PROTECTED] wrote: On Fri, Sep 22, 2006 at 11:39:51PM +, Fergie wrote: Hmmm. It wouldn't have anything to do with prime numbers, now would it? :-) Well, yes, but there are an infinite

fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-21 Thread Paul Vixie
fyi: ---BeginMessage--- EARLY KEY ROLLOVER --- In light of the recently announced OpenSSL security advisory: RSA Signature Forgery (CVE-2006-4339), ISC has instigated an early rollover of the DLV Key Signing Key (KSK). ISC recommends reconfiguration of resolvers to use the DLV KSK published on

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-21 Thread Steven M. Bellovin
Paul, what exponent does the new key use? (I clicked on the public key link, but I can't decode the base64 that easily...)

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-21 Thread Laurence F. Sheldon, Jr.
Paul Vixie wrote: fyi: My mail reader can sanitize HTML mail for me, but it was stymied by this one. What is it? -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-21 Thread Paul Vixie
[EMAIL PROTECTED] (Paul Vixie) writes: EARLY KEY ROLLOVER --- In light of the recently announced OpenSSL security advisory: RSA Signature Forgery (CVE-2006-4339), ISC has instigated an early rollover of the DLV Key Signing Key (KSK). ISC recommends reconfiguration of resolvers to use

Re: fyi-- [dns-operations] early key rollover for dlv.isc.org

2006-09-21 Thread Steven M. Bellovin
On 21 Sep 2006 17:01:45 +, Paul Vixie [EMAIL PROTECTED] wrote: Paul, what exponent does the new key use? (I clicked on the public key link, but I can't decode the base64 that easily...) it was made with bind9's dnssec-keygen utility, using the -e option, so... -e use large