> On Feb 24, 2016, at 11:07 AM, Ryan Sleevi <[email protected]> wrote: > > > On Feb 24, 2016 10:56 AM, "Jeremy Rowley" <[email protected] > <mailto:[email protected]>> wrote: > > > > I’ve been playing around with Peter Bowen’s certlint (an excellent tool) > > and, looking at the cert universe as a whole, there are some noticeable > > issues with the BRs and RFC 5280 that I though merited a public CAB Forum > > discussion. Some of this is likely me not knowing the entire history of > > 5280, so I appreciated any explanation. If there’s exceptions we would like > > to make to RFC5280, we should probably also push a bis with IETF at the > > same time. > > > > > > > > > 3) Years ago, we discussed that 2047 bit certs were equivalent to 2048 > > bit certs (although the discussion may have occurred solely on the Mozilla > > mailing list). We should codify this exception. > > IMO, this is a giant hack that browsers did because CAs have trouble counting > (see also: serial numbers), which itself is a statement that the underlying > libraries played a very liberal definition. > > I would prefer not. > >
I think there is a misunderstanding here. There has never been a requirement that the modulus contain a certain number of bits set to ‘1’. What is required is that the modulus be a 2048-bit number. The problem is that a 2048-bit number can have one or more of the high order bits being zero. When calculating the modulus “size”, all an observer can do find the left-most bit set to ‘1’ and use that. RSA moduli normally are the product of two prime numbers. OpenSSL and some other generating tools have a function that makes the top bit of each prime number to be 1 which ensures the result will have the top bit set to 1. However a random prime could be smaller, resulting in a smaller results. Thanks, Peter
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
