Opened 16 years ago
Closed 15 years ago
#30 closed clarification (wontfix)
Reject RSA public exponent 1
| Reported by: | pasi.eronen@… | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | DISCUSS |
| Component: | draft-ietf-tls-rfc4346-bis | Version: | 02 |
| Severity: | | Keywords: | |
| Cc: | | | |
Description
An old issue, but might be worth saying in the spec...
http://www.imc.org/ietf-pkix/old-archive-04/msg00003.html
Some time ago, mozilla was modified to detect and reject RSA keys with public exponents equal to 1. Presumably, the readers of this list need no explanation of the implications of such keys. Now, mozilla users are encountering web sites whose certs have such keys. At least one public CA has apparently issued one or more such certs. I'm reporting this here to alert the readers of this list who may wish to ensure that their implementations detect such keys, and to suggest that perhaps the TLS RFC should explicitly forbid the use of any public keys (RSA or otherwise) that facilitate such weak encryption and/or authentication by requiring implementations to detect and reject them.
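The check requested above, sketched as an added example that is not part of the ticket and is not Mozilla's code: it parses a PKCS#1 RSAPublicKey and refuses exponent 1, and it goes slightly further than the ticket by also refusing even exponents. All function names and the toy keys are constructed for illustration.

```python
def tlv(tag, value):
    """Encode one DER TLV (short or long length form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def der_int(v):
    # The extra leading bit keeps the DER INTEGER non-negative.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos, tag):
    """Decode the TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected or truncated DER element")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                                  # long-form length
        size = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + n], pos + n

def parse_rsa_public_key(der):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    body, end = read_tlv(der, 0, 0x30)
    n_raw, pos = read_tlv(body, 0, 0x02)
    e_raw, pos = read_tlv(body, pos, 0x02)
    if end != len(der) or pos != len(body):
        raise ValueError("trailing data in RSAPublicKey")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def reject_reason(der):
    """Return None for an acceptable exponent, else why the key is refused."""
    n, e = parse_rsa_public_key(der)
    if e == 1:
        return "e = 1: m^1 mod n = m, so the key neither encrypts nor authenticates"
    if e < 3 or e % 2 == 0:
        return "e must be odd and >= 3 (phi(n) is even, so an even e has no inverse)"
    return None

TOY_N = 61 * 53                                   # constructed toy modulus, not a real key
GOOD_KEY = tlv(0x30, der_int(TOY_N) + der_int(17))
BAD_KEY = tlv(0x30, der_int(TOY_N) + der_int(1))
```

An implementation would run such a check when a peer's certificate key is loaded, before the key is used for any handshake operation.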
Change History (3)
comment:2 Changed 15 years ago by ekr@…
This seems like a general crypto issue.
comment:3 Changed 15 years ago by ekr@…
- Resolution set to wontfix
- Status changed from new to closed