RSA key generation vulnerability in Infineon firmware

Hi all, Today researchers announced a vulnerability they discovered in RSA keys generated by a particular piece of firmware, which allows practical factorization of the private key given just the public key. Full details of the research here: https://crocs.fi.muni.cz/public/papers/rsa_ccs17

Mozilla’s Plan for Symantec Roots

As per previous discussions and https://wiki.mozilla.org/CA:Symantec_Issues, a consensus proposal[0] was reached among multiple browser makers for a graduated distrust of Symantec roots. Here is Mozilla’s planned timeline for the graduated distrust of Symantec roots (subject to change): *

Mozilla’s Plan for Symantec Roots

As per previous discussions and https://wiki.mozilla.org/CA:Symantec_Issues, a consensus proposal[0] was reached among multiple browser makers for a graduated distrust of Symantec roots. Here is Mozilla’s planned timeline for the graduated distrust of Symantec roots (subject to change): *

Re: Mozilla’s Plan for Symantec Roots

Adding code to Firefox to support the distrust of specified subCAs seems like it would be a good long-term investment for Mozilla, as it would give Mozilla a lot more flexibility during future distrust events. -- Eric On Mon, Oct 16, 2017 at 1:32 PM, Gervase Markham via dev-security-policy <

Re: Mozilla’s Plan for Symantec Roots

On Monday, 16 October 2017 18:32:54 UTC+1, Gervase Markham wrote: > = Symantec roots to be disabled via code, *not* removed from NSS = > > GeoTrust Global CA > GeoTrust Primary Certification Authority - G2 > GeoTrust Primary Certification Authority - G3 > > = Symantec roots that will be fully

Re: Efficient test for weak RSA keys generated in Infineon TPMs / smartcards

On 16/10/17 20:01, Matthew Hardeman via dev-security-policy wrote: The authors of the paper on the weak RSA keys generated by Infineon TPMs and smart cards have published code in multiple languages / platforms that provide for an efficient test for weakness by way of the Infineon TPM bug.

Re: Efficient test for weak RSA keys generated in Infineon TPMs / smartcards

On 16/10/2017 21:01, Matthew Hardeman wrote: The authors of the paper on the weak RSA keys generated by Infineon TPMs and smart cards have published code in multiple languages / platforms that provide for an efficient test for weakness by way of the Infineon TPM bug. Perhaps this should be a

Re: SSL.com root inclusion request

Thank you to those of you who reviewed and commented on this request from SSL.com to include the “SSL.com Root Certification Authority RSA”, “SSL.com Root Certification Authority ECC”, “SSL.com EV Root Certification Authority RSA R2”, and “SSL.com EV Root Certification Authority ECC” root

Re: Mozilla’s Plan for Symantec Roots

On Mon, Oct 16, 2017 at 10:32 AM, Gervase Markham via dev-security-policy wrote: > As per previous discussions and > https://wiki.mozilla.org/CA:Symantec_Issues, a consensus proposal[0] was > reached among multiple browser makers for a graduated distrust of

Re: Efficient test for weak RSA keys generated in Infineon TPMs / smartcards

On Mon, Oct 16, 2017 at 09:14:29PM +0100, Rob Stradling via dev-security-policy wrote: > On 16/10/17 20:01, Matthew Hardeman via dev-security-policy wrote: > > The authors of the paper on the weak RSA keys generated by Infineon TPMs > > and smart cards have published code in multiple languages /