<div dir="ltr">When it's ready, Mozilla will endorse.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Sep 20, 2021 at 4:38 PM Christopher Kemmerer <<a href="mailto:chris@ssl.com">chris@ssl.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

  
  <div>
    <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Thanks, Ben. We are
      reviewing this section (and the entire proposed ballot) and
      revising for clarity.<br>
      <br>
      Chris K<br>
    </div>
    <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
    </div>
    <div>On 9/14/2021 11:14 AM, Ben Wilson
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div>Is there a missing "and" in the following list?  Can this
          language be clarified?<br>
        </div>
        <div><br>
        </div>
        <div>
          <pre>6.1.1.4 Subscriber Key Pair Parameters

The CA SHALL reject keys (per 6.1.1.3(b)) if the following parameters apply:

i) Big-endian 32-bit, little-endian 32-bit, and little-endian 64-bit architecture;

ii) Process ID of 0 to 32767, inclusive;

iii) All RSA Public Key lengths supported by the CA;

iv) rnd, nornd, and noreadrnd OpenSSL random file state.</pre>
        </div>
        <div><br>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Thu, Sep 2, 2021 at 2:53 PM
          Chris Kemmerer via Servercert-wg <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div dir="ltr">
            <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
              <div style="font-size:12pt">Thanks for the endorsement and
                suggested changes, Rob. The updated language below
                incorporates these, thus adding a Section 6.1.1.4 and
                moving the key parameters therein.<br>
                <br>
                We welcome input from the community and are seeking a
                second endorser.<br>
                <br>
                Chris K<br>
                <br>
                =====<br>
                <br>
                SCXX Ballot proposal: Debian Weak keys
                <div><br>
                </div>
                <div>NOTE: Edited per latest (20210824) RS suggestion,
                  see new section 6.1.1.4.</div>
                <div><br>
                  -----<br>
                </div>
                <div><br>
                </div>
                <div>--- Motion Begins ---</div>
                <div><br>
                </div>
                <div>This ballot modifies the “Baseline Requirements for
                  the Issuance and Management of Publicly-Trusted
                  Certificates” as follows, based on Version 1.7.9:</div>
                <div><br>
                </div>
                <div><b>Proposed ballot language:</b></div>
                <div><br>
                </div>
                <div>4.9.1.1 Reasons for Revoking a Subscriber
                  Certificate</div>
                <div> </div>
                <div><b>REPLACE:</b></div>
                <div><br>
                </div>
                <div>4. The CA is made aware of a demonstrated or proven
                  method that can easily compute the Subscriber’s
                  Private Key based on the Public Key in the Certificate
                  (such as a Debian weak key, see <a href="https://wiki.debian.org/SSLkeys" target="_blank">https://wiki.debian.org/SSLkeys</a>)</div>
                <div><br>
                </div>
                <div><b>With:</b></div>
                <div><br>
                </div>
                <div>4. The CA is made aware of a demonstrated or proven
                  method that can easily compute the Subscriber’s
                  Private Key (such as those identified in 6.1.1.3(4)).</div>
                <div><br>
                </div>
                <div>---</div>
                <div><br>
                </div>
                <div>6.1.1.3. Subscriber Key Pair Generation</div>
                <div><br>
                </div>
                <div><b>REPLACE:</b></div>
                <div><br>
                </div>
                <div>The CA SHALL reject a certificate request if one or
                  more of the following conditions are met:</div>
                <div><br>
                </div>
                <div>1. The Key Pair does not meet the requirements set
                  forth in Section 6.1.5 and/or Section 6.1.6;</div>
                <div><br>
                </div>
                <div>2. There is clear evidence that the specific method
                  used to generate the Private Key was flawed;</div>
                <div><br>
                </div>
                <div>3. The CA is aware of a demonstrated or proven
                  method that exposes the Applicant's Private Key to
                  compromise;</div>
                <div><br>
                </div>
                <div>4. The CA has previously been made aware that the
                  Applicant's Private Key has suffered a Key Compromise,
                  such as through the provisions of Section 4.9.1.1;</div>
                <div><br>
                </div>
                <div>5. The CA is aware of a demonstrated or proven
                  method to easily compute the Applicant's Private Key
                  based on the Public Key (such as a Debian weak key,
                  see <a href="https://wiki.debian.org/SSLkeys" target="_blank">https://wiki.debian.org/SSLkeys</a>).</div>
                <div><br>
                </div>
                <div><b>With:</b></div>
                <div><br>
                </div>
                <div>The CA SHALL reject a certificate request if one or
                  more of the following occurs:</div>
                <div><br>
                </div>
                <div>1) The requested Public Key does not meet the
                  requirements set forth in Sections 6.1.5 and/or 6.1.6;</div>
                <div><br>
                </div>
                <div>2) The CA is aware of a demonstrated or proven
                  method that exposes the Subscriber's Private Key to
                  compromise;</div>
                <div><br>
                </div>
                <div>3) The CA has previously been made aware that the
                  Subscriber's Private Key has suffered a Key
                  Compromise, such as through the provisions of Section
                  4.9.1.1;</div>
                <div><br>
                </div>
                <div>4) The Public Key corresponds to an industry
                  demonstrated weak Private Key, in particular:</div>
                <div><br>
                </div>
                <div>a) In the case of ROCA vulnerability, the CA SHALL
                  reject keys identified by the tools available at <a href="https://github.com/crocs-muni/roca" target="_blank">https://github.com/crocs-muni/roca</a>
                  or equivalent.</div>
                <div><br>
                </div>
                <div>b) In the case of Debian weak keys (<a href="https://wiki.debian.org/SSLkeys" target="_blank">https://wiki.debian.org/SSLkeys</a>),
                  the CA SHALL reject keys generated by the flawed
                  OpenSSL version with the combination of the parameters
                  described in 6.1.1.4.<br>
                  <br>
                  <b>ADD:</b><br>
                </div>
                <div><br>
                </div>
                <div>6.1.1.4 Subscriber Key Pair Parameters</div>
                <div><br>
                </div>
                <div>The CA SHALL reject keys (per 6.1.1.3(b)) if the
                  following parameters apply:
                </div>
                <div><br>
                </div>
                <div>i) Big-endian 32-bit, little-endian 32-bit, and
                  little-endian 64-bit architecture;</div>
                <div><br>
                </div>
                <div>ii) Process ID of 0 to 32767, inclusive;</div>
                <div><br>
                </div>
                <div>iii) All RSA Public Key lengths supported by the
                  CA;</div>
                <div><br>
                </div>
                <div>iv) rnd, nornd, and noreadrnd OpenSSL random file
                  state.</div>
                <div><br>
                </div>
                <div>These are some suggested tools that CAs MAY use to
                  obtain lists of Debian weak keys:</div>
                <div><br>
                </div>
                <div>  - <a href="https://github.com/CVE-2008-0166" target="_blank">https://github.com/CVE-2008-0166</a>
                  provides a generator, for the complete set of
                  parameters listed above, that runs on any modern
                  64-bit Linux system; it also provides complete sets of
                  pregenerated keys for the most common RSA key sizes.</div>
                <div>  - <a href="https://github.com/HARICA-official/debian-weak-keys" target="_blank">https://github.com/HARICA-official/debian-weak-keys</a>
                  provides a generator, for a subset of the parameters
                  listed above, that can take advantage of a computer
                  cluster.</div>
                <div><br>
                </div>
                --- Motion Ends --- </div>
              <br>
            </div>
            <div>
              <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
              </div>
              <hr style="display:inline-block;width:98%">
              <div id="gmail-m_-3798143528580690523gmail-m_6461232490569725619divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri,
                  sans-serif" color="#000000"><b>From:</b> Rob Stradling
                  <<a href="mailto:rob@sectigo.com" target="_blank">rob@sectigo.com</a>><br>
                  <b>Sent:</b> Tuesday, August 24, 2021 4:01 PM<br>
                  <b>To:</b> Chris Kemmerer <<a href="mailto:chris@ssl.com" target="_blank">chris@ssl.com</a>>;
                  Dimitris Zacharopoulos (HARICA) <<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>>;
                  CA/B Forum Server Certificate WG Public Discussion
                  List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>;
                  Jacob Hoffman-Andrews <<a href="mailto:jsha@letsencrypt.org" target="_blank">jsha@letsencrypt.org</a>><br>
                  <b>Subject:</b> Re: [Servercert-wg] SCXX Ballot
                  proposal: Debian Weak keys</font>
                <div> </div>
              </div>
              <div dir="ltr">
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Hi
                  Christopher.</div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">> We
                  would still like to determine the best way to direct
                  CAs to the weak key populations assembled through the
                  work of yourself and HARICA.</div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Here's
                  my suggestion...</div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Change...</div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><i>"b)
                    In the case of Debian weak keys (<a href="https://wiki.debian.org/SSLkeys" target="_blank">https://wiki.debian.org/SSLkeys</a>),
                    the CA SHALL reject at least keys generated by the
                    flawed OpenSSL version with the combination of the
                    following parameters:"</i></div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">...to...</div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><i>"<span style="background-color:rgb(255,255,255);display:inline">b) In the case
                      of Debian weak keys (<a href="https://wiki.debian.org/SSLkeys" target="_blank">https://wiki.debian.org/SSLkeys</a>),
                      the CA SHALL reject at least keys generated by the
                      flawed OpenSSL version with the combination of the
                      parameters listed in section 6.1.1.4."</span></i></div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Move
                  the list of parameters (<i>"i) Big-endian
                    32-bit...random file state"</i>) into a new section
                  6.1.1.4, entitled
                  <i>"Debian weak keys (CVE-2008-0166)"</i>.</div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">At
                  the end of the new section 6.1.1.4, add this text...</div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><i>"These
                    are some suggested tools that CAs MAY use to obtain
                    lists of Debian weak keys:</i></div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><i> 
                    - <a href="https://github.com/CVE-2008-0166" target="_blank">https://github.com/CVE-2008-0166</a> provides
                    a generator, for the complete set of parameters
                    listed above, that runs on any <span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt">modern
                      64-bit Linux system; it also provides complete
                      sets of pregenerated keys for the most common RSA
                      key sizes.</span></i></div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><i><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt"> 
                      - <a href="https://github.com/HARICA-official/debian-weak-keys" target="_blank">https://github.com/HARICA-official/debian-weak-keys</a> provides
                      a generator, for a subset of the parameters listed
                      above, that can take advantage of a computer
                      cluster."</span></i></div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">> We
                  believe this proposal offers clearer guidance on this
                  matter than the current BR language, and is an
                  opportunity to make an ecosystem-wide improvement in
                  CA practices.</div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">I
                  agree.  I'd be happy to endorse.</div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">>
                  (NOTE: Edited per RS suggestion, updated version
                  number to 1.7.9, but still currently directs to <a href="http://debian.org" target="_blank">debian.org</a> resource)<br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                </div>
                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">I
                  think it's still valuable to mention <a href="https://wiki.debian.org/SSLkeys" style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt" target="_blank">https://wiki.debian.org/SSLkeys</a>.</div>
                <div>
                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                  </div>
                  <hr style="display:inline-block;width:98%">
                  <div id="gmail-m_-3798143528580690523gmail-m_6461232490569725619x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b>
                      Christopher Kemmerer <<a href="mailto:chris@ssl.com" target="_blank">chris@ssl.com</a>><br>
                      <b>Sent:</b> 18 August 2021 22:37<br>
                      <b>To:</b> Rob Stradling <<a href="mailto:rob@sectigo.com" target="_blank">rob@sectigo.com</a>>;
                      Dimitris Zacharopoulos (HARICA) <<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>>;
                      CA/B Forum Server Certificate WG Public Discussion
                      List <<a href="mailto:servercert-wg@cabforum.org" target="_blank">servercert-wg@cabforum.org</a>>;
                      Jacob Hoffman-Andrews <<a href="mailto:jsha@letsencrypt.org" target="_blank">jsha@letsencrypt.org</a>><br>
                      <b>Subject:</b> Re: [Servercert-wg] SCXX Ballot
                      proposal: Debian Weak keys</font>
                    <div> </div>
                  </div>
                  <div>
                    <p style="margin-top:0px;margin-bottom:0px">
                    </p>
                    <div style="background-color:rgb(250,250,3);width:100%;border-style:solid;border-color:rgb(0,0,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left"><span>CAUTION:</span>
                      This email originated from outside of the
                      organization. Do not click links or open
                      attachments unless you recognize the sender and
                      know the content is safe.</div>
                    <br>
                    <p style="margin-top:0px;margin-bottom:0px">
                    </p>
                    <div>
                      <p style="margin-top:0px;margin-bottom:0px">
                        Hello Rob,<br>
                        <br>
                        Thanks for the useful suggestion. We've amended
                        our proposed ballot language accordingly.<br>
                        <br>
                        We would still like to determine the best way to
                        direct CAs to the weak key populations assembled
                        through the work of yourself and HARICA.<br>
                        <br>
                        On the broader question of how to proceed, we
                        see three options for community consideration:<br>
                        <br>
                        - Carry forward with this proposed ballot;<br>
                        - Consider adding this language to a future
                        cleanup ballot; or<br>
                        - Declaring that current language and guidance
                        are sufficient.<br>
                        <br>
                        To recap, the ur-issue is itself from 2006-2008,
                        our initial request for input on this matter was
                        made in April 2020 and this ballot language has
                        been under (sporadic) discussion since December
                        2020. Given the narrow focus of the issue
                        itself, this could certainly be considered a low
                        priority, and thus wrapped into a future cleanup
                        ballot (rather than undergoing a separate ballot
                        procedure).<br>
                        <br>
                        However, we note that the impetus for this
                        ballot discussion was failure of a
                        publicly-trusted CA to prevent issuance of a
                        certificate using a Debian weak key in March
                        2020. We aim to ensure this doesn't happen again
                        by clear delineation of expected practices (and
                        direction to appropriate resources) in our
                        Baseline Requirements.<br>
                        <br>
                        We believe this proposal offers clearer guidance
                        on this matter than the current BR language, and
                        is an opportunity to make an ecosystem-wide
                        improvement in CA practices.<br>
                        <br>
                        We hope to discuss this in our regular call and
                        very much welcome community input.<br>
                        <br>
                        Regards,<br>
                        <br>
                        Chris K<br>
                        <br>
                        =====<br>
                        <br>
                        SCXX Ballot proposal: Debian Weak keys<br>
                        <br>
                        (NOTE: Edited per RS suggestion, updated version
                        number to 1.7.9, but still currently directs to
                        <a href="http://debian.org" target="_blank">debian.org</a>
                        resource)<br>
                        <br>
                        =====<br>
                        <br>
                        --- Motion Begins --- <br>
                        <br>
                        This ballot modifies the “Baseline Requirements
                        for the Issuance and Management of
                        Publicly-Trusted Certificates” as follows, based
                        on Version 1.7.9:
                        <br>
                        <br>
                        Proposed ballot language: <br>
                        <br>
                        4.9.1.1 Reasons for Revoking a Subscriber
                        Certificate <br>
                         <br>
                        Replace: <br>
                        <br>
                        4. The CA is made aware of a demonstrated or
                        proven method that can easily compute the
                        Subscriber’s Private Key based on the Public Key
                        in the Certificate (such as a Debian weak key,
                        see
                        <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427569064%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=m74Sjypff4KqXQuZUrdozdOB8N9TmwCh%2F%2BzJpjUwl9w%3D&reserved=0" target="_blank">
                          https://wiki.debian.org/SSLkeys</a>) <br>
                        <br>
                        With: <br>
                        <br>
                        4. The CA is made aware of a demonstrated or
                        proven method that can easily compute the
                        Subscriber’s Private Key (such as those
                        identified in 6.1.1.3(4)).
                        <br>
                        <br>
                        --- <br>
                        <br>
                        6.1.1.3. Subscriber Key Pair Generation <br>
                        <br>
                        Replace: <br>
                        <br>
                        The CA SHALL reject a certificate request if one
                        or more of the following conditions are met:
                        <br>
                        <br>
                        1. The Key Pair does not meet the requirements
                        set forth in Section 6.1.5 and/or Section 6.1.6;
                        <br>
                        <br>
                        2. There is clear evidence that the specific
                        method used to generate the Private Key was
                        flawed;
                        <br>
                        <br>
                        3. The CA is aware of a demonstrated or proven
                        method that exposes the Applicant's Private Key
                        to compromise;
                        <br>
                        <br>
                        4. The CA has previously been made aware that
                        the Applicant's Private Key has suffered a Key
                        Compromise, such as through the provisions of
                        Section 4.9.1.1;
                        <br>
                        <br>
                        5. The CA is aware of a demonstrated or proven
                        method to easily compute the Applicant's Private
                        Key based on the Public Key (such as a Debian
                        weak key, see
                        <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427569064%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=m74Sjypff4KqXQuZUrdozdOB8N9TmwCh%2F%2BzJpjUwl9w%3D&reserved=0" target="_blank">
                          https://wiki.debian.org/SSLkeys</a>). <br>
                        <br>
                        With: <br>
                        <br>
                        The CA SHALL reject a certificate request if one
                        or more of the following occurs:
                        <br>
                        <br>
                        1) The requested Public Key does not meet the
                        requirements set forth in Sections 6.1.5 and/or
                        6.1.6;
                        <br>
                        <br>
                        2) The CA is aware of a demonstrated or proven
                        method that exposes the Subscriber's Private Key
                        to compromise;
                        <br>
                        <br>
                        3) The CA has previously been made aware that
                        the Subscriber's Private Key has suffered a Key
                        Compromise, such as through the provisions of
                        Section 4.9.1.1;
                        <br>
                        <br>
                        4) The Public Key corresponds to an industry
                        demonstrated weak Private Key, in particular:
                        <br>
                        <br>
                        a) In the case of ROCA vulnerability, the CA
                        SHALL reject keys identified by the tools
                        available at
                        <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcrocs-muni%2Froca&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427579016%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AEwR7%2BOcyMNbJ5kqWebySDmtRO2PqoIFELJc4BD7ESA%3D&reserved=0" target="_blank">
                          https://github.com/crocs-muni/roca</a> or
                        equivalent. <br>
                        <br>
                        b) In the case of Debian weak keys (<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427579016%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=WPJ6yy8T0U3kPKwISrWNjJDP5rIgwcVr6ZsSXAQEYsk%3D&reserved=0" target="_blank">https://wiki.debian.org/SSLkeys</a>),
                        the CA SHALL reject at least keys generated by
                        the flawed OpenSSL version with the combination
                        of the following parameters:
                        <br>
                        <br>
                        i) Big-endian 32-bit, little-endian 32-bit, and
                        little-endian 64-bit architecture;
                        <br>
                        <br>
                        ii) Process ID of 0 to 32767, inclusive; <br>
                        <br>
                        iii) All RSA Public Key lengths supported by the
                        CA; <br>
                        <br>
                        iv) rnd, nornd, and noreadrnd OpenSSL random
                        file state.<br>
                        <br>
                        --- Motion Ends --- <br>
                        <br>
                        =====<br>
                        <br>
                      </p>
                      <div>On 5/13/2021 9:42 AM, Rob Stradling wrote:<br>
                      </div>
                      <blockquote type="cite">
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt">> </span><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt">iii)
                            All RSA Public Key lengths supported by the
                            CA up to and including 4096 bits;</span><br>
                        </div>
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">>
                          ...</div>
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">> For
                          Debian weak keys not covered above, the CA
                          SHALL take actions to minimize the probability
                          of certificate issuance.
                        </div>
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                        </div>
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Hi
                          Christopher.  What sort of "actions" are
                          envisaged here?  If a CA is processing a
                          certificate request that contains a (for
                          example) RSA-4088 public key (i.e., a key size
                          not covered by an available Debian weak list),
                          either the CA is going to issue the cert or
                          they're not.  What, concretely, does "minimize
                          the probability of certificate issuance"
                          actually mean?</div>
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                        </div>
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Why
                          not remove that "SHALL" sentence and change
                          point iii to: "<span style="background-color:rgb(255,255,255);display:inline">iii)
                            All RSA Public Key lengths supported by the
                            CA." ?</span></div>
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                        </div>
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">BTW,
                          in case it helps, I'm about half way through
                          generating a full set of RSA-8192 Debian weak
                          keys, which (when complete) I'll add to the
                          <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FCVE-2008-0166&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427579016%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4KW%2B7pMSqy83ufpoU3K3ArV76KZGerZuKn%2FDPUQzH00%3D&reserved=0" target="_blank">
                            https://github.com/CVE-2008-0166</a> repositories.</div>
                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                        </div>
                        <div>
                          <hr style="display:inline-block;width:98%">
                          <div id="gmail-m_-3798143528580690523gmail-m_6461232490569725619x_x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b>
                              Christopher Kemmerer
                              <a href="mailto:chris@ssl.com" target="_blank"><chris@ssl.com></a><br>
                              <b>Sent:</b> 13 May 2021 15:12<br>
                              <b>To:</b> Rob Stradling <a href="mailto:rob@sectigo.com" target="_blank">
                                <rob@sectigo.com></a>; Dimitris
                              Zacharopoulos (HARICA) <a href="mailto:dzacharo@harica.gr" target="_blank">
                                <dzacharo@harica.gr></a>; CA/B
                              Forum Server Certificate WG Public
                              Discussion List
                              <a href="mailto:servercert-wg@cabforum.org" target="_blank"><servercert-wg@cabforum.org></a>;
                              Jacob Hoffman-Andrews
                              <a href="mailto:jsha@letsencrypt.org" target="_blank"><jsha@letsencrypt.org></a><br>
                              <b>Subject:</b> Re: [Servercert-wg] SCXX
                              Ballot proposal: Debian Weak keys</font>
                            <div> </div>
                          </div>
                          <div>
                            <div style="background-color:rgb(250,250,3);width:100%;border-style:solid;border-color:rgb(0,0,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left"><span>CAUTION:</span>
                              This email originated from outside of the
                              organization. Do not click links or open
                              attachments unless you recognize the
                              sender and know the content is safe.</div>
                            <br>
                            <div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>Hello,</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
                                    <br>
                                  </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>We deeply
                                      appreciate the useful discussion
                                      in this thread regarding this
                                      issue. We especially applaud the
                                      efforts of HARICA and
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>Sectigo</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> to independently
                                      generate more comprehensive lists
                                      of potentially affected Debian
                                      weak keys. As Rob Stradling
                                      observed through his crt.sh
                                      research (20210107,
                                      <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgist.github.com%2Frobstradling%2Fa5590b6a13218fe561dcb5d5c67932c5&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427588972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=n08L%2Bixwwtr4CPIVRKVN4hFbUQBCY9Hn1rMxDbr4fxE%3D&reserved=0" target="_blank">
https://gist.github.com/robstradling/a5590b6a13218fe561dcb5d5c67932c5</a>)
                                      of the five most utilized
                                      algorithm/key size populations,
                                      two are ECC (so not impacted by
                                      the Debian weak key issue) and
                                      three are RSA (</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>2048, 4096, and
                                      3072 bit</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> length, in that
                                      order).</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
                                    <br>
                                  </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>As of their most
                                      recent messages it appears that
                                      these two organizations have
                                      independently generated
                                      comprehensive lists identifying
                                      all RSA-</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>2048 and -4096
                                      bit</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> length keys. (We
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>understand</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> RSA-3072 length
                                      keys</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> are also </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>available</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>.) This offers
                                      the possibility that complete
                                      lists, if accepted as
                                      authoritative, could be accessed
                                      by the community to help prevent
                                      exploitation of this
                                      vulnerability.</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
                                    <br>
                                  </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>It was also noted
                                      (by the representative from </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>Let's</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> Encrypt) that
                                      the ROCA vulnerability is
                                      presently identified through use
                                      of a tool supported externally. It
                                      was suggested that this resource
                                      be archived in a manner that
                                      ensures availability. (Our
                                      proposed language points to "<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcrocs-muni%2F&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427588972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=N6HcZbwZZTdkY5lknnq8deftRy5neQ%2BIISeDzJQzxNs%3D&reserved=0" target="_blank">https://github.com/crocs-muni/</a></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>roca</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> or equivalent.")</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
                                    <br>
                                  </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>We think our
                                      present ballot language
                                      (reproduced at the end of this
                                      message) provides appropriately
                                      focused guidance to CAs. If
                                      available,
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>we'd</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> certainly like
                                      to also see the HARICA/</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>Sectigo</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> lists (which CAs
                                      could use for the majority of
                                      Debian weak key use cases)
                                      captured somewhere in this ballot
                                      language. We are agnostic as to 1)
                                      where exactly these resources
                                      might be maintained and 2) where
                                      this ballot places directions to
                                      these resources - an annex to the
                                      current requirements, a separate
                                      CA/BF guidance document or within
                                      Sections <a href="http://4.9.1.1/6.1.1.3" target="_blank">4.9.1.1/6.1.1.3</a>.</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
                                    <br>
                                  </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>Our intent is to
                                      ensure that 1) clear, accurate
                                      guidance on CA expectations is
                                      provided and 2) any resources
                                      assisting CAs in meeting these
                                      expectations are fully described,
                                      publicly available (somewhere) and
                                      with reliable links provided. The
                                      language below, we feel, meets the
                                      first requirement. </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>We'd</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> appreciate input
                                      on how to best meet the second.
                                      (Note that SSL.com would be happy
                                      to support the community by
                                      hosting any of these as
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>publicly
                                      accessible</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> resources,
                                      whether solo or alongside other
                                      organizations.)</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
                                    <br>
                                  </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>Chris K</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>SSL.com</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
                                    <br>
                                  </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>=====</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>--- Motion Begins
                                      ---</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>This ballot
                                      modifies the “Baseline
                                      Requirements for the Issuance and
                                      Management of Publicly-Trusted
                                      Certificates” as follows, based on
                                      Version 1.7.</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>4</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>Proposed ballot
                                      language:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif;font-weight:bold" lang="EN-US"><span>4.9.1.1 Reasons
                                      for Revoking a Subscriber
                                      Certificate</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>Replace:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>4. The CA is made
                                      aware of a demonstrated or proven
                                      method that can easily compute the
                                      Subscriber’s Private Key based on
                                      the Public Key in the Certificate
                                      (such as a Debian weak key, see
                                      <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427588972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=iWW%2BuEA9mcbJeC2ib%2BCqL9kX37UmbZc8vmwedxXYPVk%3D&reserved=0" target="_blank">
                                        https://wiki.debian.org/SSLkeys</a>)</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>With:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>4. The CA is made
                                      aware of a demonstrated or proven
                                      method that can easily compute the
                                      Subscriber’s Private Key (such as
                                      those identified in 6.1.1.3(4)).</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>---</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif;font-weight:bold" lang="EN-US"><span>6.1.1.3.
                                      Subscriber Key Pair Generation</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>Replace:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>The CA SHALL
                                      reject a certificate request if
                                      one or more of the following
                                      conditions are met:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>1. The Key Pair
                                      does not meet the requirements set
                                      forth in Section 6.1.5 and/or
                                      Section
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>6.1.6;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>2. There is clear
                                      evidence that the specific method
                                      used to generate the Private Key
                                      was
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>flawed;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>3. The CA is
                                      aware of a demonstrated or proven
                                      method that exposes the
                                      Applicant's Private Key to
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>compromise;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>4. The CA has
                                      previously been made aware that
                                      the Applicant's Private Key has
                                      suffered a Key Compromise, such as
                                      through the provisions of Section
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>4.9.1.1;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>5. The CA is
                                      aware of a demonstrated or proven
                                      method to easily compute the
                                      Applicant's Private Key based on
                                      the Public Key (such as a Debian
                                      weak key, see
                                      <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427598936%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Ew6NrifPP7aQ%2FpipZPoaVpAbG7f86rD3GNVxH3pXtyo%3D&reserved=0" target="_blank">
                                        https://wiki.debian.org/SSLkeys</a>).</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>With:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>The CA SHALL
                                      reject a certificate request if
                                      one or more of the following
                                      occurs:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>1) The requested
                                      Public Key does not meet the
                                      requirements set forth in Sections
                                      6.1.5 and/or
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>6.1.6;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>2) The CA is
                                      aware of a demonstrated or proven
                                      method that exposes the
                                      Subscriber's Private Key to
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>compromise;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>3) The CA has
                                      previously been made aware that
                                      the Subscriber's Private Key has
                                      suffered a Key Compromise, such as
                                      through the provisions of Section
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>4.9.1.1;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>4) The Public Key
                                      corresponds to an industry
                                      demonstrated weak Private Key, in
                                      particular:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>a) In the case of
                                      ROCA vulnerability, the CA SHALL
                                      reject keys identified by the
                                      tools available at
                                      <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcrocs-muni%2Froca&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427598936%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zqHEv702oWQ2YA9BB57%2F9QtaMb1FIrSqe5ErCKo83e0%3D&reserved=0" target="_blank">
https://github.com/crocs-muni/roca</a> or equivalent.</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>b) In the case of
                                      Debian weak keys (<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.debian.org%2FSSLkeys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427608887%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Vf3oSwAp6t5ogXcgdDaIoXh7GRNnMuMye0oAB3t44vE%3D&reserved=0" target="_blank">https://wiki.debian.org/SSLkeys</a>),
                                      the CA SHALL reject at least keys
                                      generated by the flawed OpenSSL
                                      version with the combination of
                                      the following parameters:</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>i</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>) Big-endian
                                      32-bit, little-endian 32-bit, and
                                      little-endian 64-bit </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>architecture;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>ii) Process ID of
                                      0 to 32767, </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>inclusive;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>iii) All RSA
                                      Public Key lengths supported by
                                      the CA up to and including 4096 </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>bits;</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>iv)
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>rnd</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>,
                                    </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>nornd</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>, and </span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>noreadrnd</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span> OpenSSL random
                                      file state.</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>For Debian weak
                                      keys not covered above, the CA
                                      SHALL take actions to minimize the
                                      probability of certificate
                                      issuance.</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span></span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"> </span></p>
                              </div>
                              <div style="direction:ltr">
                                <p style="margin:0px;font-weight:normal;font-style:normal;vertical-align:baseline;background-color:transparent;color:windowtext;text-align:left;padding-left:0px;padding-right:0px;text-indent:0px"><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif" lang="EN-US"><span>--- Motion Ends
                                      ---</span></span><span style="font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_EmbeddedFont,Calibri_MSFontService,sans-serif"><br>
                                  </span></p>
                              </div>
                              <div>On 1/18/2021 3:34 PM, Rob Stradling
                                wrote:<br>
                              </div>
                              <blockquote type="cite">
                                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">>
                                  I'm mid-way through generating the
                                  RSA-4096 keys.</div>
                                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                </div>
                                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">The
                                  RSA-4096 private keys and blocklists
                                  are now in <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FCVE-2008-0166%2Fprivate_keys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427608887%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=0znFAjKLax7sMw9zd1dVNwocZ1JRxKXOiLvAzs4vu5I%3D&reserved=0" target="_blank">
https://github.com/CVE-2008-0166/private_keys</a> and <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FCVE-2008-0166%2Fopenssl_blocklists&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427608887%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NOXBe3t1dfJTyboeg%2BFKYZepK%2Fuu84FH5%2BL0P3gQelU%3D&reserved=0" target="_blank">
https://github.com/CVE-2008-0166/openssl_blocklists</a>.</div>
                                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                </div>
                                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">The
                                  RSA-2048 and RSA-4096 private keys in <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FHARICA-official%2Fdebian-weak-keys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427618846%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Dhqfdr2dGsccIDXxzX8W3swXYMfkuSdEyofm8IrY6w0%3D&reserved=0" target="_blank">https://github.com/HARICA-official/debian-weak-keys</a> (which
                                  only covers 2 of the 3 word size /
                                  endianness combinations) are identical
                                  to the equivalents in <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FCVE-2008-0166%2Fprivate_keys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427618846%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4jGuws7jDh%2FSA0tNHNwYP6WoSL2YHeJsgmNB43el4kw%3D&reserved=0" target="_blank">https://github.com/CVE-2008-0166/private_keys</a>.</div>
                                <div>
                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                  </div>
                                  <hr style="display:inline-block;width:98%">
                                  <div id="gmail-m_-3798143528580690523gmail-m_6461232490569725619x_x_x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b>
                                      Dimitris Zacharopoulos (HARICA)
                                      <a href="mailto:dzacharo@harica.gr" target="_blank"><dzacharo@harica.gr></a><br>
                                      <b>Sent:</b> 14 January 2021 18:39<br>
                                      <b>To:</b> Rob Stradling <a href="mailto:rob@sectigo.com" target="_blank">
                                        <rob@sectigo.com></a>;
                                      CA/B Forum Server Certificate WG
                                      Public Discussion List <a href="mailto:servercert-wg@cabforum.org" target="_blank">
<servercert-wg@cabforum.org></a>; Jacob Hoffman-Andrews <a href="mailto:jsha@letsencrypt.org" target="_blank">
                                        <jsha@letsencrypt.org></a>;
                                      Christopher Kemmerer <a href="mailto:chris@ssl.com" target="_blank">
                                        <chris@ssl.com></a><br>
                                      <b>Subject:</b> Re:
                                      [Servercert-wg] SCXX Ballot
                                      proposal: Debian Weak keys</font>
                                    <div> </div>
                                  </div>
                                  <div>
                                    <div style="background-color:rgb(250,250,3);width:100%;border-style:solid;border-color:rgb(0,0,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left"><span>CAUTION:</span>
                                      This email originated from outside
                                      of the organization. Do not click
                                      links or open attachments unless
                                      you recognize the sender and know
                                      the content is safe.</div>
                                    <br>
                                    <div><br>
                                      <br>
                                      <div>On 14/1/2021 12:30 π.μ., Rob
                                        Stradling wrote:<br>
                                      </div>
                                      <blockquote type="cite">
                                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Thanks
                                          Dmitris.</div>
                                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                        </div>
                                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">So
                                          far I've generated the
                                          RSA-2048 and RSA-3072 keys
                                          using <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FCVE-2008-0166%2Fkey_generator&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427618846%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=X%2FYscZuPRVGJL8QEL20esewX8EBq2XmujevGMoNyc5k%3D&reserved=0" target="_blank">
https://github.com/CVE-2008-0166/key_generator</a> and uploaded them to
                                          <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FCVE-2008-0166%2Fprivate_keys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427628804%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=M9YAvqYsZBsy7ylSBD2PRWn5FD%2B5e0mAW3g09%2F%2Fi01Q%3D&reserved=0" target="_blank">
https://github.com/CVE-2008-0166/private_keys</a>, and I've generated
                                          the corresponding blocklists
                                          and uploaded them to
                                          <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FCVE-2008-0166%2Fopenssl_blocklists&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427628804%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qs90ivAJks%2BHIgRFMo7waVR06sAfeOnVy%2Fd3uvhZwBc%3D&reserved=0" target="_blank">
https://github.com/CVE-2008-0166/openssl_blocklists</a>.  My RSA-2048
                                          blocklists exactly match the
                                          ones from the original Debian
                                          openssl-blacklist package.</div>
                                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">I'm
                                          mid-way through generating the
                                          RSA-4096 keys.</div>
                                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                        </div>
                                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Let's
                                          compare keys when we're both
                                          done.  <span id="gmail-m_-3798143528580690523gmail-m_6461232490569725619x_x_x_x_🙂">🙂</span></div>
                                      </blockquote>
                                      <br>
                                      Certainly :-) the RSA-2048 keys
                                      already match the fingerprints
                                      from the openssl-blacklist Debian
                                      package.<br>
                                      <br>
                                      We did this work several months
                                      ago but never found the time to
                                      make it publicly available. We
                                      managed to break down the big task
                                      and run jobs in parallel which
                                      made things a bit more
                                      interesting.<br>
                                      <br>
                                      It's nice we did this
                                      independently, I guess it
                                      increases the accuracy level of
                                      the resulted keys :)<br>
                                      <br>
                                      <br>
                                      Cheers,<br>
                                      Dimitris.<br>
                                      <br>
                                      <blockquote type="cite">
                                        <div>
                                          <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                          </div>
                                          <hr style="display:inline-block;width:98%">
                                          <div id="gmail-m_-3798143528580690523gmail-m_6461232490569725619x_x_x_x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b>
                                              Dimitris Zacharopoulos
                                              (HARICA)
                                              <a href="mailto:dzacharo@harica.gr" target="_blank"><dzacharo@harica.gr></a><br>
                                              <b>Sent:</b> 13 January
                                              2021 21:49<br>
                                              <b>To:</b> Rob Stradling <a href="mailto:rob@sectigo.com" target="_blank">
                                                <rob@sectigo.com></a>;
                                              CA/B Forum Server
                                              Certificate WG Public
                                              Discussion List <a href="mailto:servercert-wg@cabforum.org" target="_blank">
<servercert-wg@cabforum.org></a>; Jacob Hoffman-Andrews <a href="mailto:jsha@letsencrypt.org" target="_blank">
<jsha@letsencrypt.org></a>; Christopher Kemmerer <a href="mailto:chris@ssl.com" target="_blank">
                                                <chris@ssl.com></a><br>
                                              <b>Subject:</b> Re:
                                              [Servercert-wg] SCXX
                                              Ballot proposal: Debian
                                              Weak keys</font>
                                            <div> </div>
                                          </div>
                                          <div>
                                            <div style="background-color:rgb(250,250,3);width:100%;border-style:solid;border-color:rgb(0,0,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left"><span>CAUTION:</span>
                                              This email originated from
                                              outside of the
                                              organization. Do not click
                                              links or open attachments
                                              unless you recognize the
                                              sender and know the
                                              content is safe.</div>
                                            <br>
                                            <div>Dear friends,<br>
                                              <br>
                                              HARICA has generated the
                                              weak keys (RSA 2048 and
                                              4096 bit lengths) from the
                                              vulnerable openssl
                                              package. We will generate
                                              3072 bit keys as well and
                                              add them soon. The
                                              methodology is described
                                              in the following GitHub
                                              repo along with the
                                              produced keys:<br>
                                              <ul>
                                                <li><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FHARICA-official%2Fdebian-weak-keys&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427638763%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=2LMewzOLNRKgtOoPARP4WDsHJBpwKiVlu8xYOWO4TtI%3D&reserved=0" target="_blank">https://github.com/HARICA-official/debian-weak-keys</a></li>
                                              </ul>
                                              Please review and let us
                                              know if you spot any
                                              issues or problems with
                                              our approach and
                                              methodology.<br>
                                              <br>
                                              As always, please use
                                              other people's work at
                                              your own risk.<br>
                                              <br>
                                              <br>
                                              Dimitris.<br>
                                              <br>
                                              <div>On 7/1/2021 2:25
                                                μ.μ., Rob Stradling via
                                                Servercert-wg wrote:<br>
                                              </div>
                                              <blockquote type="cite">
                                                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">I've
                                                  used crt.sh to produce
                                                  a survey of key
                                                  algorithms/sizes in
                                                  currently unexpired,
                                                  publicly-trusted
                                                  server certificates:</div>
                                                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                                </div>
                                                <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgist.github.com%2Frobstradling%2Fa5590b6a13218fe561dcb5d5c67932c5&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427638763%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zyp7rN9Ter7PZFrcoOOJpiD%2FXK4i5ywH76X%2BC5d4Yeo%3D&reserved=0" target="_blank">https://gist.github.com/robstradling/a5590b6a13218fe561dcb5d5c67932c5</a><br>
                                                </div>
                                                <div>
                                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                                  </div>
                                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">The
                                                    four most popular
                                                    choices are no
                                                    surprise: RSA-2048,
                                                    P-256, RSA-4096, and
                                                    P-384. 
                                                    openssl-blacklist
                                                    covers RSA-2048 and
                                                    RSA-4096, and ECC
                                                    keys are implicitly
                                                    not Debian weak
                                                    keys.</div>
                                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                                  </div>
                                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt">Fifth
                                                      most popular is
                                                      RSA-3072, with
                                                      over 3 million
                                                      unexpired,
                                                      publicly-trusted
                                                      server certs. 
                                                      openssl-blacklist
                                                      doesn't cover
                                                      RSA-3072, but ISTM
                                                      that this is a key
                                                      size that CAs will
                                                      want to permit.</span><br>
                                                  </div>
                                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt"><br>
                                                    </span></div>
                                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Some
                                                    of the lesser used
                                                    key sizes are mostly
                                                    likely due to
                                                    Subscriber typos
                                                    (e.g., 2408 and 3048
                                                    were probably
                                                    intended to be 2048,
                                                    4048 was probably
                                                    intended to be
                                                    either 2048 or 4096,
                                                    etc), but some of
                                                    the other ones look
                                                    like they were
                                                    deliberately chosen
                                                    (e.g., 2432 is
                                                    2048+384).  Is it
                                                    worth generating
                                                    Debian weak
                                                    keys/blocklists for
                                                    any of these key
                                                    sizes?</div>
                                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt"><br>
                                                    </span></div>
                                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt"><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FSpecialPublications%2FNIST.SP.800-57pt1r5.pdf&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427638763%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3liYc3twFgYbd%2F6JAQ96%2FDoNMMKUFsPlkMznegF77GM%3D&reserved=0" target="_blank">https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf</a> (Table
                                                      4, p59) permits
                                                      RSA-2048 until the
                                                      end of 2030,
                                                      whereas </span><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.sogis.eu%2Fdocuments%2Fcc%2Fcrypto%2FSOGIS-Agreed-Cryptographic-Mechanisms-1.2.pdf&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427648716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t8p%2BoIE1SPC8qw1mnFrEeO%2BWHYB%2FVOA3lkU1sef%2ByWU%3D&reserved=0" style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt" target="_blank">https://www.sogis.eu/documents/cc/crypto/SOGIS-Agreed-Cryptographic-Mechanisms-1.2.pdf</a> permits
                                                    RSA-2048 only until
                                                    the end of 2025.  It
                                                    is of course
                                                    possible that
                                                    quantum computing
                                                    will render RSA
                                                    obsolete before
                                                    Subscribers need to
                                                    think about which
                                                    larger RSA keysize
                                                    they want to migrate
                                                    to; however, it
                                                    seems prudent to
                                                    also plan for the
                                                    possibility that RSA
                                                    will survive and
                                                    that some other RSA
                                                    keysize(s) might
                                                    become popular.</div>
                                                  <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                                  </div>
                                                  <hr style="display:inline-block;width:98%">
                                                  <div id="gmail-m_-3798143528580690523gmail-m_6461232490569725619x_x_x_x_x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri,
                                                      sans-serif" color="#000000"><b>From:</b>
                                                      Servercert-wg
                                                      <a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">
<servercert-wg-bounces@cabforum.org></a> on behalf of Rob
                                                      Stradling via
                                                      Servercert-wg
                                                      <a href="mailto:servercert-wg@cabforum.org" target="_blank">
<servercert-wg@cabforum.org></a><br>
                                                      <b>Sent:</b> 06
                                                      January 2021 16:08<br>
                                                      <b>To:</b> Jacob
                                                      Hoffman-Andrews <a href="mailto:jsha@letsencrypt.org" target="_blank">
<jsha@letsencrypt.org></a>; Christopher Kemmerer <a href="mailto:chris@ssl.com" target="_blank">
<chris@ssl.com></a>; CA/B Forum Server Certificate WG Public
                                                      Discussion List <a href="mailto:servercert-wg@cabforum.org" target="_blank">
<servercert-wg@cabforum.org></a><br>
                                                      <b>Subject:</b>
                                                      Re:
                                                      [Servercert-wg]
                                                      SCXX Ballot
                                                      proposal: Debian
                                                      Weak keys</font>
                                                    <div> </div>
                                                  </div>
                                                  <div dir="ltr">
                                                    <div style="background-color:rgb(250,250,3);width:100%;border-style:solid;border-color:rgb(0,0,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left"><span>CAUTION:</span>
                                                      This email
                                                      originated from
                                                      outside of the
                                                      organization. Do
                                                      not click links or
                                                      open attachments
                                                      unless you
                                                      recognize the
                                                      sender and know
                                                      the content is
                                                      safe.</div>
                                                    <br>
                                                    <div>
                                                      <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
                                                        <div style="margin:0px;font-size:12pt">Jacob
                                                          wrote:</div>
                                                        <div style="margin:0px;font-size:12pt">>
                                                          Lastly, I
                                                          think we
                                                          should archive
openssl-blacklist, and include in the BRs: "A CA may reject the full set
                                                          of Debian weak
                                                          keys by
                                                          rejecting this
                                                          superset of
                                                          the Debian
                                                          weak keys:</div>
                                                        <div style="margin:0px;font-size:12pt">><br>
                                                          <div>> -
                                                          All RSA public
                                                          keys with
                                                          modulus
                                                          lengths other
                                                          than 2048 or
                                                          4096, and</div>
                                                          <div>> -
                                                          All RSA public
                                                          keys with
                                                          exponents
                                                          other than
                                                          65537, and</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Hi
                                                          Jacob.  65537
                                                          (aka 0x10001)
                                                          is hard-coded
                                                          here...</div>
                                                          <div><span style="background-color:rgb(255,255,255);display:inline"><br>
                                                          </span></div>
                                                          <div><span style="background-color:rgb(255,255,255);display:inline"><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenssl%2Fopenssl%2Fblob%2FOpenSSL_0_9_8f%2Fapps%2Freq.c%23L768&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427648716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4ROhglN%2FjGObdJvEVKvM90IxeO7IhKtPubHTUBzBkhY%3D&reserved=0" target="_blank">https://github.com/openssl/openssl/blob/OpenSSL_0_9_8f/apps/req.c#L768</a><br>
                                                          </span></div>
                                                          <div><br>
                                                          </div>
                                                          <div>Would it
                                                          therefore be
                                                          fair to say
                                                          that keys with
                                                          public
                                                          exponents
                                                          other than
                                                          65537 are
                                                          implicitly
                                                          <u>not</u> Debian
                                                          weak keys?</div>
                                                          <div><br>
                                                          </div>
                                                          > - All RSA
                                                          public keys
                                                          that are
                                                          detected as
                                                          vulnerable by
                                                          the
                                                          openssl-vulnkey
                                                          program in the
openssl-blacklist package version 0.5-3 (see addendum), or an equivalent
                                                          program."</div>
                                                      </div>
                                                      <div>
                                                        <div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br>
                                                        </div>
                                                        <hr style="display:inline-block;width:98%">
                                                        <div id="gmail-m_-3798143528580690523gmail-m_6461232490569725619x_x_x_x_x_x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b>
                                                          Servercert-wg
                                                          <a href="mailto:servercert-wg-bounces@cabforum.org" target="_blank">
<servercert-wg-bounces@cabforum.org></a> on behalf of Jacob
                                                          Hoffman-Andrews
                                                          via
                                                          Servercert-wg
                                                          <a href="mailto:servercert-wg@cabforum.org" target="_blank">
<servercert-wg@cabforum.org></a><br>
                                                          <b>Sent:</b>
                                                          12 December
                                                          2020 02:21<br>
                                                          <b>To:</b>
                                                          Christopher
                                                          Kemmerer <a href="mailto:chris@ssl.com" target="_blank">
<chris@ssl.com></a>; CA/B Forum Server Certificate WG Public
                                                          Discussion
                                                          List <a href="mailto:servercert-wg@cabforum.org" target="_blank">
<servercert-wg@cabforum.org></a><br>
                                                          <b>Subject:</b>
                                                          Re:
                                                          [Servercert-wg]
                                                          SCXX Ballot
                                                          proposal:
                                                          Debian Weak
                                                          keys</font>
                                                          <div> </div>
                                                        </div>
                                                        <div>
                                                          <div style="background-color:rgb(250,250,3);width:100%;border-style:solid;border-color:rgb(0,0,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left"><span>CAUTION:</span>
                                                          This email
                                                          originated
                                                          from outside
                                                          of the
                                                          organization.
                                                          Do not click
                                                          links or open
                                                          attachments
                                                          unless you
                                                          recognize the
                                                          sender and
                                                          know the
                                                          content is
                                                          safe.</div>
                                                          <br>
                                                          <div>
                                                          <div dir="ltr">Thanks
                                                          for your
                                                          continued
                                                          efforts to
                                                          improve this
                                                          part of the
                                                          BRs! Let's
                                                          Encrypt is in
                                                          theory
                                                          interested in
                                                          endorsing, but
                                                          I think it
                                                          still needs a
                                                          bit of work.
                                                          Thanks for
                                                          incorporating
                                                          my most recent
                                                          comments on
                                                          endianness and
                                                          word size vs
                                                          11 platforms.<br>
                                                          <br>
                                                          Goals: We want
                                                          CAs to
                                                          consistently
                                                          not issue
                                                          certificates
                                                          for weak keys
                                                          in general,
                                                          and also in
                                                          the specific
                                                          case of Debian
                                                          and ROCA keys.
                                                          We want the
                                                          definition of
                                                          Debian and
                                                          ROCA keys to
                                                          be clear and
                                                          actionable for
                                                          as long as
                                                          possible -
                                                          say, at least
                                                          twenty years.<br>
                                                          <br>
                                                          We have three
                                                          ways to
                                                          specify Debian
                                                          and ROCA keys:
                                                          With a list,
                                                          with a tool,
                                                          or with an
                                                          algorithm*.
                                                          The original
                                                          revision of
                                                          this ballot
                                                          proposed to
                                                          use a list (<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fpipermail%2Fservercert-wg%2F2020-April%2F001821.html&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427648716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=YvYqBm1HlforxiPN1zQbeSUf4AW04sLaYCuEjiLfFzA%3D&reserved=0" target="_blank">https://lists.cabforum.org/pipermail/servercert-wg/2020-April/001821.html</a>).
                                                          There were two
                                                          objections:<br>
                                                          <br>
                                                           - The list
                                                          (openssl-blacklist)
                                                          is subject to
                                                          change or
                                                          removal.<br>
                                                           - The list
                                                          only covers
                                                          2048 and 4096
                                                          bit keys.<br>
                                                          <br>
                                                          The current
                                                          draft proposes
                                                          specifying a
                                                          tool for ROCA
                                                          (<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcrocs-muni%2Froca&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427658670%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Ybwh7xp1zVuEj8avYqsDHslP2NrZEzoOPOx4bEI4%2B5I%3D&reserved=0" target="_blank">https://github.com/crocs-muni/roca</a>)
                                                          and an
                                                          algorithm for
                                                          Debian keys.<br>
                                                          <br>
                                                          The ROCA tool
                                                          is subject to
                                                          change or
                                                          removal, just
                                                          like the
                                                          openssl-blacklist
                                                          package. I
                                                          propose we
                                                          instead
                                                          specify ROCA
                                                          detection in
                                                          terms of the
                                                          paper (<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrocs.fi.muni.cz%2Fpublic%2Fpapers%2Frsa_ccs17&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427658670%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=6550FZqHPDF6KM3F17d6rKeCfP0Zau%2BGWYwPYal7acY%3D&reserved=0" target="_blank">https://crocs.fi.muni.cz/public/papers/rsa_ccs17</a>)
                                                          and ask for
                                                          permission
                                                          from the
                                                          authors to
                                                          archive an
                                                          unchanging
                                                          copy as an
                                                          addendum to
                                                          the BRs.<br>
                                                          <br>
                                                          For Debian
                                                          keys, what
                                                          looks like an
                                                          algorithm
                                                          specification
                                                          is actually a
                                                          tool +
                                                          algorithm
                                                          specification.
                                                          The tool is
                                                          "OpenSSL
                                                          0.9.8c-1 up to
                                                          versions
                                                          before
                                                          0.9.8g-9 on
                                                          Debian-based
                                                          operating
                                                          systems" (per
                                                          CVE-2008-01666
                                                          -
                                                          <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3D2008-0166&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427658670%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=QdZIVGYB%2B3jgtU05nS52CnLACgzSkjXmC%2FonOtuWFa4%3D&reserved=0" target="_blank">
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0166</a>). To ensure
                                                          an unchanging
                                                          copy of that,
                                                          we should
                                                          archive 3
                                                          copies of
                                                          Debian, for
                                                          the 3 word
                                                          size +
                                                          endianness
                                                          combinations.<br>
                                                          <br>
                                                          The algorithm
                                                          also needs an
                                                          additional
                                                          line: "v)
                                                          using the
                                                          command
                                                          'openssl req
                                                          -nodes -subj /
                                                          -newkey
                                                          rsa:<Public
                                                          Key
                                                          length>'"
                                                          (adapted from
                                                          <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsources.debian.org%2Fdata%2Fmain%2Fo%2Fopenssl-blacklist%2F0.5-3%2Fexamples%2Fgen_certs.sh&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427668630%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FmV%2BEdnUMMSfAiJBQfFxfcq98T5WzVgTj%2Bhqjbt7AJY%3D&reserved=0" target="_blank">
https://sources.debian.org/data/main/o/openssl-blacklist/0.5-3/examples/gen_certs.sh</a>).
                                                          Other tools
                                                          that linked
                                                          OpenSSL, like
                                                          openvpn and
                                                          openssh,
                                                          generated
                                                          different sets
                                                          of keys. We
                                                          can include or
                                                          exclude
                                                          openvpn and
                                                          openssh keys,
                                                          but should
                                                          thoroughly
                                                          specify.<br>
                                                          <br>
                                                          Lastly, I
                                                          think we
                                                          should archive
openssl-blacklist, and include in the BRs: "A CA may reject the full set
                                                          of Debian weak
                                                          keys by
                                                          rejecting this
                                                          superset of
                                                          the Debian
                                                          weak keys:<br>
                                                          <br>
                                                           - All RSA
                                                          public keys
                                                          with modulus
                                                          lengths other
                                                          than 2048 or
                                                          4096, and<br>
                                                           - All RSA
                                                          public keys
                                                          with exponents
                                                          other than
                                                          65537, and<br>
                                                           - All RSA
                                                          public keys
                                                          that are
                                                          detected as
                                                          vulnerable by
                                                          the
                                                          openssl-vulnkey
                                                          program in the
openssl-blacklist package version 0.5-3 (see addendum), or an equivalent
                                                          program."<br>
                                                          <br>
                                                          My reasoning:
                                                          Given the
                                                          difficulty of
                                                          correctly
                                                          setting up old
                                                          Debian
                                                          versions and
                                                          generating
                                                          weak keys for
                                                          sizes that are
                                                          not part of
                                                          openssl-blacklist,
                                                          I expect most
                                                          CAs will
                                                          choose this
                                                          path. Given
                                                          that, we
                                                          should just
                                                          say what we
                                                          mean: the
                                                          pregenerated
                                                          list is fine
                                                          if you
                                                          restrict key
                                                          sizes, but you
                                                          don't *have*
                                                          to restrict
                                                          key sizes, so
                                                          long as you
                                                          have an
                                                          alternate
                                                          method to
                                                          ensure you're
                                                          not issuing
                                                          for Debian
                                                          weak keys at
                                                          other sizes.<br>
                                                          <br>
                                                          *I'm
                                                          considering
                                                          specifying an
                                                          algorithm to
                                                          be
                                                          functionally
                                                          equivalent to
                                                          specifying an
                                                          "outcome,"
                                                          though I
                                                          recognize this
                                                          may be too
                                                          hand-wavy.<br>
                                                          </div>
                                                          </div>
                                                        </div>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </div>
                                                <br>
                                                <fieldset></fieldset>
                                                <pre>_______________________________________________
Servercert-wg mailing list
<a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a>
<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fservercert-wg&data=04%7C01%7Crob%40sectigo.com%7Ca505320417514683604108d962906fbc%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637649196427668630%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Z77j7m49%2BG5JpAB2aJbLYXkFx2DHsia00M2%2FIRob%2Bqs%3D&reserved=0" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a>
</pre>
                                              </blockquote>
                                              <br>
                                            </div>
                                          </div>
                                        </div>
                                      </blockquote>
                                      <br>
                                    </div>
                                  </div>
                                </div>
                              </blockquote>
                            </div>
                          </div>
                        </div>
                      </blockquote>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
          _______________________________________________<br>
          Servercert-wg mailing list<br>
          <a href="mailto:Servercert-wg@cabforum.org" target="_blank">Servercert-wg@cabforum.org</a><br>
          <a href="https://lists.cabforum.org/mailman/listinfo/servercert-wg" rel="noreferrer" target="_blank">https://lists.cabforum.org/mailman/listinfo/servercert-wg</a><br>
        </blockquote>
      </div>
    </blockquote>
  </div>

</blockquote></div>