So, there is at least one top-level CA installed in some common browsers (I checked Firefox) that uses exponent-3. It is "Starfield Technologies Inc." "Starfield Class 2 CA". There may well be others... I only looked far enough to determine that that was a problem.

So the next question becomes, what browsers used OpenSSL and/or their own broken code, and need to be patched? I have no idea.

Thanks to Alex Gantman for asking the question...

Greg.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to