I was recently sitting downstream of a Deutsche Telekom Speedport router and noticed that it used a certificate signed by a commercial CA (issued to the wrong name and expired, but that's another story). The fact that it's a commercial CA cert indicates that there's only one of them for all Speedport devices, which in turn indicates that they all share the same private key.
Has anyone looked into this further? I lost access to the Speedport shortly after I noticed this. (Hat tip to Blake Ramsdell for the term "lesser-known public key"). Peter. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography