So, there is at least one top-level CA installed in some common
browsers (I checked Firefox) that uses exponent-3. It is "Starfield
Technologies Inc." "Starfield Class 2 CA". There may well be
others... I only looked far enough to determine that that was a
problem.

So the next question becomes, what browsers used OpenSSL and/or their
own broken code, and need to be patched? I have no idea.

Thanks to Alex Gantman for asking the question...

Greg.
---------------------------------------------------------------------
The Cryptography Mailing List