Opened 16 years ago

Closed 15 years ago

#30 closed clarification (wontfix)

Reject RSA public exponent 1

Reported by: pasi.eronen@… Owned by:
Priority: minor Milestone: DISCUSS
Component: draft-ietf-tls-rfc4346-bis Version: 02
Severity: Keywords:


An old issue, but might be worth saying in the spec...

Some time ago, mozilla was modified to detect and reject RSA
keys with public exponents equal to 1.  Presumably, the
readers of this list need no explanation of the implications
of such keys.

Now, mozilla users are encountering web sites whose certs
have such keys.  At least one public CA has apparently
issued one or more such certs.

I'm reporting this here to alert the readers of this list
who may wish to ensure that their implementations detect
such keys, and to suggest that perhaps the TLS RFC should
explicitly forbid the use of any public keys (RSA or
otherwise) that facilitate such weak encryption and/or
authentication by requiring implementations to detect and
reject them.
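
The check the ticket asks implementations to perform, as an added example that is not part of the original ticket and is not Mozilla's code: it parses a PKCS#1 `RSAPublicKey` and rejects exponent 1. It goes slightly beyond the ticket by also rejecting even, too-small and too-large exponents; the function names and the toy 12-bit keys are constructed for illustration.

```python
# Added example: minimal DER reader for RSAPublicKey plus an exponent check.

def _der_len(buf, pos):
    """Decode a DER length at buf[pos]; return (length, offset of the content)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    count = first & 0x7F
    if count == 0 or pos + 1 + count > len(buf):
        raise ValueError("malformed DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + count], "big"), pos + 1 + count

def _der_uint(buf, pos):
    """Decode a non-negative DER INTEGER at buf[pos]; return (value, next offset)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER")
    length, start = _der_len(buf, pos + 1)
    body = buf[start:start + length]
    if length == 0 or len(body) != length or body[0] & 0x80:
        raise ValueError("malformed or negative INTEGER")
    return int.from_bytes(body, "big"), start + length

def parse_rsa_public_key(der):
    """Parse RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    try:
        if der[0] != 0x30:
            raise ValueError("expected SEQUENCE")
        length, pos = _der_len(der, 1)
        if pos + length != len(der):
            raise ValueError("trailing or missing bytes")
        n, pos = _der_uint(der, pos)
        e, pos = _der_uint(der, pos)
    except IndexError:
        raise ValueError("truncated key") from None
    if pos != len(der):
        raise ValueError("unexpected extra fields")
    return n, e

def check_public_exponent(n, e):
    """Return e if it is usable; raise ValueError for degenerate exponents."""
    if e == 1:
        raise ValueError("public exponent 1: m^1 mod n == m, nothing is protected")
    if e % 2 == 0 or e < 3 or e >= n:
        raise ValueError("public exponent is not an odd integer in [3, n)")
    return e

WEAK_KEY = bytes.fromhex("300702020ca1020101")  # constructed: n = 3233, e = 1
OK_KEY = bytes.fromhex("300702020ca1020111")    # constructed: n = 3233, e = 17
```

Run the check on the server key before using it for key exchange or signature verification, and treat the `ValueError` as a handshake failure.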

Change History (3)

comment:1 Changed 15 years ago by ekr@…

  • Milestone set to Maybe never

comment:2 Changed 15 years ago by ekr@…

This seems like a general crypto issue.

comment:3 Changed 15 years ago by ekr@…

  • Resolution set to wontfix
  • Status changed from new to closed