<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jan 5, 2021 at 7:34 PM Jacob Hoffman-Andrews via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org">servercert-wg@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">On Tue, Jan 5, 2021 at 9:09 AM Rob Stradling <<a href="mailto:rob@sectigo.com" target="_blank">rob@sectigo.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><span style="font-size:12pt">Since I still
had a copy of my code lying around (and since there wasn't much else going on during Twixmas </span>😉<span style="font-size:12pt"> ), I figured I could turn it into a tool that's much easier for anyone to use...</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<a href="https://github.com/CVE-2008-0166" target="_blank">https://github.com/CVE-2008-0166</a></div></div></blockquote><div><br>This is excellent, Rob! Thanks for making this. So, question for the list: Assuming we satisfy ourselves (by code review and examination of the output) that these tools generate the same keys that would have been generated on an affected Debian system, are folks here supportive of normatively specifying the Debian weak key check as a tool-based approach that substitutes these tools for the current implicit tool of "a complete Debian system?"</div></div></div></blockquote><div><br></div><div>I'm not sure I understand the benefit/objective you're trying to achieve here. Maybe I'm misunderstanding, but it seems you're asking should we specify the process or the result, and it still seems like specifying the result is the correct approach, regardless of the tool the CA takes. </div></div></div>