On Wed, Sep 06, 2006, Hagai Yaffe wrote:

> I have read the advisory and I am a bit puzzled regarding the there are
> CAs using exponent 3 in wide use comment, I have tried to check and
> could not find any CA using this exponent, all the CAs I have seen are
> using 0x10001 (CAs I have generated by OpenSSL using default values,
> world wide trusted CAs such as VeriSign and Thawte etc..), I understand
> that specifying CAs using exponent 3 will give specific targets to
> malicious people and that is definitely not a good idea, however I would
> like to try and better understand the range of the problem, are only
> old CAs using exponent 3?
>
> Could anyone elaborate some on this?

I don't want to name names here but a brief study I did revealed 8 public
CA root certificates which used exponent 3.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
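
One way to answer the "range of the problem" question for your own trust store, as an added example that is not part of the original thread: a standard-library Python check that reads the RSA public exponent from every certificate in a PEM bundle and reports the ones using 3. The function names, the `enc` helper and the unsigned certificate skeletons built by `sample_pem` are constructed for this illustration.

```python
import base64, re

RSA_OID = bytes.fromhex("2a864886f70d010101")    # rsaEncryption, 1.2.840.113549.1.1.1

def tlvs(buf, pos, end):
    """Return [(tag, value_start, value_end)] for the DER items in buf[pos:end]."""
    items = []
    while pos < end:
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                         # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > end:
            raise ValueError("truncated DER")
        items.append((tag, pos, pos + length))
        pos += length
    return items

def rsa_exponent(der):
    """Public exponent of a certificate's key; None if it is not rsaEncryption."""
    cert = tlvs(der, 0, len(der))[0]
    tbs = tlvs(der, cert[1], cert[2])[0]
    fields = tlvs(der, tbs[1], tbs[2])
    spki = fields[6] if fields[0][0] == 0xA0 else fields[5]  # [0] version is optional
    alg, key = tlvs(der, spki[1], spki[2])
    oid = tlvs(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        return None
    rsa_key = tlvs(der, key[1] + 1, key[2])[0]    # skip BIT STRING unused-bits octet
    _modulus, exp = tlvs(der, rsa_key[1], rsa_key[2])
    return int.from_bytes(der[exp[1]:exp[2]], "big")

def exponent_3_certs(pem_text):
    """Indexes of the certificates in a PEM bundle whose RSA exponent is 3."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END", pem_text, re.S)
    return [i for i, b in enumerate(blocks) if rsa_exponent(base64.b64decode(b)) == 3]

def enc(tag, *parts):  # short-form DER encoder, only for the constructed samples
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_pem(e):  # constructed, unsigned certificate skeleton with a fake modulus
    alg = enc(0x30, enc(0x06, RSA_OID), enc(0x05))
    key = enc(0x30, enc(0x02, b"\x00" + b"\xc1" * 16), enc(0x02, e.to_bytes(3, "big").lstrip(b"\x00")))
    spki = enc(0x30, alg, enc(0x03, b"\x00", key))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")), enc(0x02, b"\x01"), alg,
              enc(0x30), enc(0x30), enc(0x30), spki)
    b64 = base64.encodebytes(enc(0x30, tbs, alg, enc(0x03, b"\x00"))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"
```

To audit a real trust store, pass the text of a PEM CA bundle to `exponent_3_certs`; the returned indexes are positions within that bundle.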